> What keeps someone from loading up the model-glue XML file through their browser?

Nothing by default, I suppose.

> How should you protect it?

In general, there are three ways to prevent people from viewing things on your web server.

1. Don't place it in a web-accessible directory. Off the top of my head, I don't know how easy it is to do this with MG config files, but it's probably possible.
2. Use the web server's access controls to prevent it from serving specific files or URL patterns.
3. Set permissions on the filesystem appropriately. The IIS or Apache user accounts don't need to read these files.

I prefer (1) if at all possible, because it's the easiest to not screw up, but any of those approaches will do.

Dave Watts, CTO, Fig Leaf Software
http://www.figleaf.com/

Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:329251
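A way to audit a deployment against approaches (1) and (3) from the reply above, as an added example that is not part of the original message. The file name `ModelGlue.xml`, the directory layout and the function names are constructed for illustration, and the permission check assumes POSIX mode bits; approach (2) is not covered because it can only be confirmed by requesting the URL from the running server.

```python
import os
import stat
import tempfile
from pathlib import Path


def audit_web_root(web_root, pattern="*.xml"):
    """Approach 1: list files matching `pattern` that sit under the web root."""
    root = Path(web_root).resolve()
    return sorted(p.relative_to(root).as_posix()
                  for p in root.rglob(pattern) if p.is_file())


def audit_file(config_path, web_root):
    """Return findings for one config file (approaches 1 and 3)."""
    cfg, root = Path(config_path).resolve(), Path(web_root).resolve()
    findings = []
    if root in cfg.parents:
        findings.append("inside-web-root")
    # POSIX proxy for approach 3: the "other" read bit lets any account,
    # including the web server's, read the file.
    if cfg.stat().st_mode & stat.S_IROTH:
        findings.append("world-readable")
    return findings


def build_sample_tree(base):
    """Constructed layout: one exposed copy, one relocated and locked down."""
    base = Path(base)
    exposed = base / "wwwroot" / "app" / "config" / "ModelGlue.xml"
    safe = base / "private" / "config" / "ModelGlue.xml"
    for path, mode in ((exposed, 0o644), (safe, 0o640)):
        path.parent.mkdir(parents=True)
        path.write_text("<modelglue/>\n")
        os.chmod(path, mode)
    return base / "wwwroot", exposed, safe


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        web_root, exposed, safe = build_sample_tree(tmp)
        print("XML under web root:", audit_web_root(web_root))
        print("exposed copy:", audit_file(exposed, web_root))
        print("relocated copy:", audit_file(safe, web_root))
```
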

