> directory contains CFM pages for maintaining your
> web application, as well as some .PDFs of proprietary
> business info, some .jpg mockups of your new logo
> design, some .txt files containing sales data, etc.
This sounds exactly like the perfect situation for web/CF managed, off the
webroot storage via CFCONTENT.
> What if you're using the CFM intermediary protection
> method and somebody gets sloppy (as they eventually
> will) and uploads a file to...
If you use a Web interface and CF to manage these documents then no-one's
going to do this because the program would be written correctly and wouldn't
put things in the wrong place. IF you have a requirement that end users
have direct access to drop files into directories, I would suggest using
Microsoft user security (assuming your are on Win32) to restrict access to
all but the correct folder.
I still don't see a good reason to put all the files into the webroot. It's
tempting to think that CF's handling it either way and that it makes no
difference which method you choose, but they are very different. CFCONTENT
is just going to push out the file, bypassing the parsing engine. Running
them all through the parsing engine will cause CF to look through every
character of each file looking for pound signs and cf tags. Very resource
intensive.
> It's not that hard to do in .NET and I'll be
> disappointed if the same thing can't be
> accomplished with CF.
Any language you choose will do some things better than others. You should
probably go ahead and prepare yourself to be continually disappointed if you
think there is one language/platform that does everything that every other
language will do, and does everything just as good as other
languages(environments). If .NET is a better overall solution, then stop
using CF and use .NET. If it's not, then comparing this feature isn't
really very constructive to the success of your project.
-Cameron
-----------------
Cameron Childress
Sumo Consulting Inc
---
land: 858.509.3098
cell: 678.637.5072
aim: cameroncf
email: [EMAIL PROTECTED]
-----Original Message-----
From: Conan Saunders [mailto:[EMAIL PROTECTED]
Sent: Tuesday, February 10, 2004 1:42 PM
To: CF-Talk
Subject: RE: serving non-CFM files w/ Cold Fusion
I'm not concerned about load--regular graphics and resource files that
don't need protection would come from a non-protected directory that
wouldn't involve any CF processing.
Say you have a directory "/admin" on a site. That directory contains CFM
pages for maintaining your web application, as well as some .PDFs of
proprietary business info, some .jpg mockups of your new logo design, some
.txt files containing sales data, etc. It would be nice to know that every
single file, of any type, stored beneath "/admin" is protected by your Cold
Fusion login, WITHOUT having to store all non-CFM pages outside of the web
directory and set up a CFM intermediary to access them using CFCONTENT.
What if you're using the CFM intermediary protection method and somebody
gets sloppy (as they eventually will) and uploads a file to
"/admin/TopSecretSalesData.txt"? rather than "C:\NotWebAccessible"? If all
files of any type beneath "/admin" were protected, it wouldn't be a
problem. I'd like to be able to do this with my regular CF login, rather
than IIS authentication.
I admit that what I'm trying to do isn't strictly necessary, but it would
be nice. It's not that hard to do in .NET and I'll be disappointed if the
same thing can't be accomplished with CF.
Conan
At 03:05 PM 2/10/2004, you wrote:
>In theory you could do the same with CF as you have seen in .NET. In both
>cases however, I'd say that the added load on the server isn't worth the
>benefit of "protecting" the other files in the directory.
>
>Typically there are few good reasons images that are included as part of a
>page need to be protected at all, much less via CF. If images or documents
>do need to be protected in this manner they are usually moved out of the
>webroot and handled using the CFCONTENT method suggested in another email.
>
>I'm curious as to the requirement you are trying to satisfy and perhaps
>someone will suggest a more elegant solution than running every request
>through ColdFusion engine.
>
>-Cameron
[Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings]
