Like Dave said ;-) A good way to think about it is this: Anything under the web root can be retrieved. Sure there are ways to lock down folders and files, but the best way to lock them down is for them to not be there in the first place. Anything that needs to be accessed via an HTTP request (that includes images, JavaScript files, CSS files, etc.) needs to be under the web root. Not much else does, and therefore should not be there.
--- Ben -----Original Message----- From: Dave Watts [mailto:[EMAIL PROTECTED] Sent: Monday, January 09, 2006 4:58 PM To: CF-Talk Subject: RE: Robots.txt - - best practices > Would that same rule of thumb apply for logic code? Say if I separate > out all of my queries, cfc's etc... from the presentation layer should > I keep those logic based templates out of the root as well? Yes, to the extent that this is practical. For example, I typically place CFCs, custom tags, UDF libraries, etc outside of the web root, and create mappings as necessary. Dave Watts, CTO, Fig Leaf Software http://www.figleaf.com/ Fig Leaf Software provides the highest caliber vendor-authorized instruction at our training centers in Washington DC, Atlanta, Chicago, Baltimore, Northern Virginia, or on-site at your location. Visit http://training.figleaf.com/ for more information! ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Message: http://www.houseoffusion.com/lists.cfm/link=i:4:228928 Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4 Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4 Donations & Support: http://www.houseoffusion.com/tiny.cfm/54
