Files containing sensitive data shouldn't even be in a directory viewable by
a remote web browser.

If memory serves me right, CF requires that the files be named .cfm (at least
this is what the docs say, right?)... AND the file has to be within your web
hierarchy. Neither of which are things you really should be doing; but it
looks like you actually have to.

I wouldn't count on giving a file an extension like .cfm, .php, or .asp to
guarantee that the server will be smart enough to try and parse it either.
I remember an ASP bug (which boiled down to NTFS) that let you append
something along the lines of ::$DATA at the end of a URL and get the full
source to the .asp file. Never found out whether or not this would work
with PHP or CF on an NT machine though; although it'd be easy to check.

Justin Buist

-----Original Message-----
From: bananachunks
To: CF-Linux
Sent: 2/18/01 8:08 PM
Subject: RE: cfinclude w/ext other than .cfm
The thought of doing something like that just scares me anyway - if for some
reason someone knows to hit dsp_searchsub.inc, it will normally display that
template's text to them... Therefore, any 'included' files, for me, anyway,
end with '.cfm'. Same thing for PHP - some of these apps I download
(popular apps) and they include 'config.inc' or whatnot - you know that if
you ever see someone running that app, you can easily view their include
file, full source - once again, I always include '.php' files in that
instance...

Just my .02

geo

-----Original Message-----
From: Jim Priest [mailto:[EMAIL PROTECTED]]
Sent: Sunday, February 18, 2001 7:47 PM
To: CF-Linux
Subject: cfinclude w/ext other than .cfm
On my Windows 2000 server I can do something like:

<cfinclude template="dsp_searchsub.inc">

And it works fine... This doesn't seem to work on my Linux box (both
are running CF4.5). The cfinclude on Linux will only work if the file
is named .cfm.

Any ideas???

Thanks
Jim
----------------------------------------------------------------------------
Archives: http://www.mail-archive.com/cf-linux%40houseoffusion.com/
To Unsubscribe visit
http://www.houseoffusion.com/index.cfm?sidebar=lists&body=lists/cf_linux
or send a message to [EMAIL PROTECTED] with 'unsubscribe' in the body.
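
The exposure discussed in this thread (an include such as dsp_searchsub.inc or config.inc sitting in the web hierarchy under an extension the server does not parse) can be audited for. The following is an added example, not code from any poster in the thread; the handled-extension set, the marker patterns, and the sample tree are assumptions constructed for illustration.

```python
import os
import re
import tempfile

# Assumption: extensions this server hands to a script engine rather than serving raw.
HANDLED_EXTENSIONS = {".cfm", ".php", ".asp"}

# Byte patterns indicating CFML, PHP, or ASP template source.
SOURCE_MARKERS = re.compile(rb"<cf[a-z]+|<\?php|<%", re.IGNORECASE)


def find_exposed_includes(web_root, handled=HANDLED_EXTENSIONS):
    """Return relative paths of files under web_root that hold server-side
    code but carry an extension the server would deliver as plain text."""
    exposed = []
    for dirpath, _dirs, files in os.walk(web_root):
        for name in files:
            if os.path.splitext(name)[1].lower() in handled:
                continue  # parsed by the engine, source is not sent to the client
            path = os.path.join(dirpath, name)
            try:
                with open(path, "rb") as fh:
                    head = fh.read(65536)  # markers normally appear early in a file
            except OSError:
                continue  # unreadable file: nothing to classify
            if SOURCE_MARKERS.search(head):
                rel = os.path.relpath(path, web_root)
                exposed.append(rel.replace(os.sep, "/"))
    return sorted(exposed)


def build_sample_root(root):
    """Write a constructed sample web root (file names echo the thread)."""
    samples = {
        "index.cfm": b'<cfinclude template="dsp_searchsub.inc">',
        "dsp_searchsub.inc": b'<cfquery name="q" datasource="dsn">SELECT 1</cfquery>',
        "app/config.inc": b'<?php $db_password = "constructed-placeholder"; ?>',
        "app/config.php": b'<?php $db_password = "constructed-placeholder"; ?>',
        "static/about.html": b"<html><body>About</body></html>",
    }
    for rel, data in samples.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(data)


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as root:
        build_sample_root(root)
        for rel in find_exposed_includes(root):
            print("would be served as source:", rel)
```

A clean result only covers the extension mapping; as the ::$DATA recollection above suggests, a parsed extension is not a guarantee either, so the stronger fix is keeping sensitive includes outside the web hierarchy where the platform allows it.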