> Dave, this is an interesting idea which we haven't pursued yet. I don't
> have a clear sense of how the server configuration would work here. Would
> you have two separate db servers (one for authored content and one for
> published content) that would sync up? Or would you have an authoring
> infrastructure that would then generate more traditional static html? I'm
> just trying to get a sense of how the separation would work.
It can vary, but it's usually pretty simple: an authoring environment and a production environment where content is published. This by itself really has nothing to do with preventing XSS on its face, but it prevents unauthorized users from being able to create content - the production environment simply has no way to allow users to create or edit content. These environments typically either share a database, or data is migrated automatically from one database to another. Of course, we still need to sanitize content prior to production, but we only have to worry about people with access to the physical network where the authoring environment lives. This is often a fairly small group, and hopefully a more trustworthy group.

Dave Watts, CTO, Fig Leaf Software
1-202-527-9569
http://www.figleaf.com/
http://training.figleaf.com/

Fig Leaf Software is a Veteran-Owned Small Business (VOSB) on GSA Schedule, and provides the highest caliber vendor-authorized instruction at our training centers, online, or onsite.

Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:357811
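As an added illustration of the authoring/production split described above (example code, not from the thread or from Fig Leaf): a publish step migrates rows from the authoring store to the production store and sanitizes HTML at that boundary, while the connection handed to the production web tier refuses writes. Both databases, the table names and the tag allowlist are constructed stand-ins, and the regex sanitizer is a teaching stand-in for a real HTML sanitizer library.

```python
"""Publish step: copy authored content to production, sanitizing on the way."""
import html
import re
import sqlite3

# Constructed allowlist: tags published content may keep, attributes never.
ALLOWED_TAGS = {"p", "b", "i", "em", "strong", "ul", "ol", "li", "br"}
TAG_RE = re.compile(r"<(/?)([A-Za-z][A-Za-z0-9]*)([^<>]*)>")


def sanitize(fragment: str) -> str:
    """Keep allowlisted tags without attributes; escape every other tag and all
    text (existing entities get re-escaped; use a real sanitizer in production)."""
    out, pos = [], 0
    for m in TAG_RE.finditer(fragment):
        out.append(html.escape(fragment[pos:m.start()], quote=False))
        closing, name, attrs = m.groups()
        if name.lower() in ALLOWED_TAGS and not attrs.strip():
            out.append(f"<{closing}{name.lower()}>")
        else:
            out.append(html.escape(m.group(0), quote=False))  # neutralise
        pos = m.end()
    out.append(html.escape(fragment[pos:], quote=False))
    return "".join(out)


def setup() -> tuple:
    """Constructed in-memory stand-ins for the authoring and production DBs."""
    authoring = sqlite3.connect(":memory:")
    authoring.execute("CREATE TABLE content (id INTEGER PRIMARY KEY, body TEXT)")
    production = sqlite3.connect(":memory:")
    production.execute("CREATE TABLE published (id INTEGER PRIMARY KEY, body TEXT)")
    return authoring, production


def publish(authoring, production) -> int:
    """Migrate authored rows into production, sanitizing at the boundary."""
    rows = authoring.execute("SELECT id, body FROM content").fetchall()
    with production:
        production.executemany("INSERT OR REPLACE INTO published VALUES (?, ?)",
                               [(i, sanitize(b)) for i, b in rows])
    # Hand the connection to the web tier: from here on, writes are refused.
    production.execute("PRAGMA query_only = 1")
    return len(rows)


def web_tier_can_write(production) -> bool:
    """The production site has no edit path; any write attempt must fail."""
    try:
        production.execute("INSERT INTO published VALUES (999, '<script>x</script>')")
        return True
    except sqlite3.OperationalError:
        return False
```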

