This is a long response. If you're not interested, you might want to skip
the rest.
> True. I should have been more specific. I think of them as
> the same almost. :)
That's an easy habit to get into.
> Oh, side note on that. If you delete the ide.cfm page on an
> IIS webserver, it'll still work.
By default, IIS doesn't check for a script's existence before passing the
request to the script engine. You can change this in the ISAPI mapping
configuration, but it'll hurt performance a bit to do this.
In any case, if you set permissions for ide.cfm so that it can't be read by
the web server's authenticated user context, you won't be able to connect
via RDS.
> I've done that and the url based info is not enough for file
> saving and other operations. There dosn't seem to be any form
> info being passed which is why we were looking at the COM
> service that ships with studio. It seems to have all the pieces
> to do the work that RDS can do. I'm going to hit raymond up
> on this again as he's now inside of Allaire. I doubt he'll
> tell me how its done, but would probably tell me if it is the
> studio COM service doing the work.
It's not COM. I can guarantee that. There are a couple of reasons why I can
do that, even if I hadn't recorded RDS traffic.
1. Solaris/Linux/HP-UX don't support COM without an addon from Software AG,
but RDS works fine.
2. There's no traffic other than over HTTP.
3. RDS works. Getting any kind of DCOM working is not a trivial task, and
generally requires quite a bit of permissions futzing, among other things.
DCOM over HTTP is still pretty new stuff, and it doesn't work all that well
either.
I suspect that Studio uses COM to instantiate either WinInet or Internet
Explorer libraries on the client machine, so that Allaire wouldn't have to
write all the underlying code to deal with HTTP. My suspicion about this
comes from the fact that, if you set permissions on ide.cfm in such a way as
to require the web server to request NTLM Authentication, Studio will pop up
the NTLM Authentication window when you try to connect.
As for whether all the info is being passed over HTTP, I can tell you that
it is - just not within URL data. It's sending the bulk of the data in the
request body; not as form variables, but as one big string. Here's a sample
request/response cycle showing the creation of a new file via RDS:
----------- request
POST /CFIDE/main/ide.cfm?CFSRV=IDE&ACTION=FileIO HTTP/1.1
Content-Type: application/x-ColdFusionIDE
User-Agent: CFSSVR~1
Host: my.machine.com:8080
Content-Length: 226
Cache-Control: no-cache
Authorization: Basic (deleted)
Connection: Keep-Alive
Cookie: HTMLA=FONTSIZE=LARGE; CFID=3; CFTOKEN=30596292
5:STR:30:C:/Inetpub/wwwroot/rdstest.cfmSTR:5:WriteSTR:1:2STR:155:<!DOCTYPE
HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<html>
<head>
<title>test</title>
</head>
<body>
RDS test
</body>
</html>
STR:0:
---------- response
HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Wed, 29 Nov 2000 20:22:27 GMT
Connection: close
Content-type: text/html
1:2:XX
<P><HR><B>Execution Time</B><P><PRE>10 milliseconds</PRE><Table border=0>
<TR><TD align=right><FONT SIZE=-2>10 ms</FONT></TD><TD align=left><FONT
SIZE=-2>STARTUP, PARSING, & SHUTDOWN</FONT></TD></TR>
</TABLE>
<P><HR><B>Parameters</B><PRE><B>URL Parameters:</B>
ACTION=FileIO
CFSRV=IDE
<B>CGI Variables:</B>
AUTH_PASSWORD=password
AUTH_TYPE=Basic
AUTH_USER=domain\user
CERT_COOKIE=
CERT_FLAGS=
CERT_ISSUER=
CERT_KEYSIZE=
CERT_SECRETKEYSIZE=
CERT_SERIALNUMBER=
CERT_SERVER_ISSUER=
CERT_SERVER_SUBJECT=
CERT_SUBJECT=
CF_TEMPLATE_PATH=C:\Inetpub\wwwroot\CFIDE\main\ide.cfm
CONTENT_LENGTH=226
CONTENT_TYPE=application/x-ColdFusionIDE
GATEWAY_INTERFACE=CGI/1.1
HTTP_AUTHORIZATION=Basic (deleted)
HTTP_CACHE_CONTROL=no-cache
HTTP_CONNECTION=Keep-Alive
HTTP_CONTENT_LENGTH=226
HTTP_CONTENT_TYPE=application/x-ColdFusionIDE
HTTP_COOKIE=HTMLA=FONTSIZE=LARGE; CFID=3; CFTOKEN=30596292
HTTP_HOST=my.machine.com:8080
HTTP_USER_AGENT=CFSSVR~1
HTTPS=off
HTTPS_KEYSIZE=
HTTPS_SECRETKEYSIZE=
HTTPS_SERVER_ISSUER=
HTTPS_SERVER_SUBJECT=
PATH_INFO=/CFIDE/main/ide.cfm
PATH_TRANSLATED=C:\Inetpub\wwwroot\CFIDE\main\ide.cfm
QUERY_STRING=CFSRV=IDE&ACTION=FileIO
REMOTE_ADDR=127.0.0.1
REMOTE_HOST=127.0.0.1
REMOTE_USER=domain\user
REQUEST_METHOD=POST
SCRIPT_NAME=/CFIDE/main/ide.cfm
SERVER_NAME=my.machine.com
SERVER_PORT=80
SERVER_PORT_SECURE=0
SERVER_PROTOCOL=HTTP/1.1
SERVER_SOFTWARE=Microsoft-IIS/5.0
WEB_SERVER_API=ISAPI
Reading the request data, you can see that Studio is sending a string in the
request body which tells RDS what to do:
(in the URL): ACTION=FileIO
(in the request body):
5 - maybe the number of contained substrings?
STR:30, followed by a 30-character file path and name
STR:5, followed by the string "Write"
STR:155, followed by the file content
STR:1:2 (I have no idea what this is, although it shows up quite a bit, so
maybe it's a "Yes" or something like that.
STR:0 - maybe an EOF marker
Dave Watts, CTO, Fig Leaf Software
http://www.figleaf.com/
voice: (202) 797-5496
fax: (202) 797-5444
------------------------------------------------------------------------------
To unsubscribe, send a message to [EMAIL PROTECTED] with
'unsubscribe' in the body or visit the list page at www.houseoffusion.com
