ASP+database works under HTTP not HTTPS

I have an Test page that works fine under HTTP
but fails under HTTPS (a shared SSL) with:

Microsoft JET Database Engine error '80040e09'
Cannot update. Database or object is read-only.

All non-database pages work fine under both.

My Web host tells me that my ASP page
"was coded for a non-secure environment."
whatever that means.

Here's the code:

<%
' This ASP (Active Server Pages) program does the following:
' 1) Tests the ability to update an MS-Access database table.
'*
Const cDSN = "Provider=Microsoft.Jet.OLEDB.4.0;Data Source="
Const cMDB = "Test.mdb"
Const adCmdTable = &H0002
Const adLockOptimistic = 3
Const adOpenKeySet = 1
'*
'* Update Database
'*
Dim objADO
Set objADO = Server.CreateObject("ADODB.Connection")
objADO.Open cDSN & Server.MapPath(cMDB)
Dim objRST
Set objRST = Server.CreateObject("ADODB.Recordset")
objRST.Open "Test", objADO, adOpenKeyset, adLockOptimistic,
adCmdTable
objRST.AddNew
objRST("DateTime").value = Now()
objRST.Update
Set objRST = Nothing
objADO.Close
Set objADO = Nothing
%>

Does anyone have any ideas? Thanks in advance.


P.S. Their (almost) full response was:

Ive taken a look at this issue a bit closely and I believe the issue is a
coding issue. I know that the Test.asp page works fine in a non-secure
connection, but when it is processed through a secure connection, the script
fails. Other ASP scripts can be loaded through the same path that you have
provided me. For instance, the following file works fine when pulled through
a secure connection:

https://secure.mydomain.com/user/index.asp

The next question in your head most likely is "Well, why did the page work
when not in a secure connection? After all, it is the same working
ADC~Test.asp file". I believe this is because the way the page was coded was
in a manner that would only work in a non-secure environment. I am not an
ASP coder, I personally prefer and deal with PHP/MySQL, however, the
permission's were double-checked by the administrator and they are
functioning correctly. Proof of this is in the secure pages that get
processed above. The only logical explanation is that the page was coded for
a non-secure environment.

Re: ASP+database works under HTTP not HTTPS

McKirahan wrote:
> I have an Test page that works fine under HTTP
> but fails under HTTPS (a shared SSL) with:
>
> Microsoft JET Database Engine error '80040e09'
> Cannot update. Database or object is read-only.

> The next question in your head most likely is "Well, why did the page
> work when not in a secure connection? After all, it is the same
> working ADC~Test.asp file". I believe this is because the way the
> page was coded was in a manner that would only work in a non-secure
> environment. I am not an ASP coder, I personally prefer and deal with
> PHP/MySQL, however, the permission's were double-checked by the
> administrator and they are functioning correctly. Proof of this is in
> the secure pages that get processed above. The only logical
> explanation is that the page was coded for a non-secure environment.

This is a silly and illogical conclusion. There is no way to code a
database update differently for a non-secure vs. secure environment. Ask him
if there's any way to cause this same situation in PHP, since he says he's a
PHP coder.

It's a permissions issue. The user context being used under https does not
have sufficient permissions (read/write) for the folder containing the
database. There is no other possible cause (barring the database file being
set to read-only via its attributes).

I've never used https, so I'm not sure abvout the answer to this: is the
IWAM account used under https instead of the IUSR account?

Bob BArrows
--
Microsoft MVP -- ASP/ASP.NET
Please reply to the newsgroup. The email account listed in my From
header is my spam trap, so I don't check it very often. You will get a
quicker response by posting to the newsgroup.

Re: ASP+database works under HTTP not HTTPS

"Bob Barrows [MVP]" wrote in message
news:#K5Vor4PFHA.2584@TK2MSFTNGP15.phx.gbl...
> McKirahan wrote:
> > I have an Test page that works fine under HTTP
> > but fails under HTTPS (a shared SSL) with:
> >
> > Microsoft JET Database Engine error '80040e09'
> > Cannot update. Database or object is read-only.
>
> > The next question in your head most likely is "Well, why did the page
> > work when not in a secure connection? After all, it is the same
> > working ADC~Test.asp file". I believe this is because the way the
> > page was coded was in a manner that would only work in a non-secure
> > environment. I am not an ASP coder, I personally prefer and deal with
> > PHP/MySQL, however, the permission's were double-checked by the
> > administrator and they are functioning correctly. Proof of this is in
> > the secure pages that get processed above. The only logical
> > explanation is that the page was coded for a non-secure environment.
>
> This is a silly and illogical conclusion. There is no way to code a
> database update differently for a non-secure vs. secure environment. Ask
him
> if there's any way to cause this same situation in PHP, since he says he's
a
> PHP coder.
>
> It's a permissions issue. The user context being used under https does
not
> have sufficient permissions (read/write) for the folder containing the
> database. There is no other possible cause (barring the database file
being
> set to read-only via its attributes).
>
> I've never used https, so I'm not sure abvout the answer to this: is the
> IWAM account used under https instead of the IUSR account?
>
> Bob BArrows
> --
> Microsoft MVP -- ASP/ASP.NET
> Please reply to the newsgroup. The email account listed in my From
> header is my spam trap, so I don't check it very often. You will get a
> quicker response by posting to the newsgroup.


Thanks, Bob. I've passed your response along and will keep you posted.

Re: ASP+database works under HTTP not HTTPS

McKirahan wrote:
>> This is a silly and illogical conclusion. There is no way to code a
>> database update differently for a non-secure vs. secure environment.
>> Ask him if there's any way to cause this same situation in PHP,
>> since he says he's a PHP coder.
> Thanks, Bob. I've passed your response along and will keep you
> posted.
I hope you removed the word "silly" .. :-)
--
Microsoft MVP -- ASP/ASP.NET
Please reply to the newsgroup. The email account listed in my From
header is my spam trap, so I don't check it very often. You will get a
quicker response by posting to the newsgroup.