I have a different application. The config files in my system are stored as ".cfm" files. They are still XML... but they do not have a "cfoutput" so they do not display to the screen.
1. Do this in your "application.cfm" file. <cfset request.doEnd = TRUE> <cfsetting enablecfoutputonly="Yes" showdebugoutput="No"> 2. If you use "OnRequestEnd.cfm" for output... do this... <cfparam name="request.doEnd" default="FALSE"> <cfif request.doEnd> ... code ... </cfif> You can do more... but I have agreed with that point for a season. This how I would resolve it. This demands that output be "declared"... and it is a good process... and it also eliminates much white space! (More of an issue in previous versions of coldfusion though. John Farrar ----- Original Message ----- From: "Douglas Humphris" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Wednesday, February 04, 2004 6:25 AM Subject: [CFCDev] Mach-ii config file I'm surprised that the Mach-II skeleton framework has the main Mach-II.xml config file in the webroot so that anyone can browse directly to /config/mach-ii.xml and read all your events etc. I just feel uncomfortable with exposing the inners of my application, so I've moved my config file up one level to hide it. I'm not a security/hacker expert, so was just wondering if anyone can say whether I'm worrying about nothing? On the flip side, when I was learning Mach-ii a few weeks ago, I found it useful to look up other live mach-ii.xml files and see what others are doing. Douglas ---------------------------------------------------------- You are subscribed to cfcdev. To unsubscribe, send an email to [EMAIL PROTECTED] with the words 'unsubscribe cfcdev' in the message of the email. CFCDev is run by CFCZone (www.cfczone.org) and supported by Mindtool, Corporation (www.mindtool.com). An archive of the CFCDev list is available at www.mail-archive.com/[EMAIL PROTECTED] ---------------------------------------------------------- You are subscribed to cfcdev. To unsubscribe, send an email to [EMAIL PROTECTED] with the words 'unsubscribe cfcdev' in the message of the email. CFCDev is run by CFCZone (www.cfczone.org) and supported by Mindtool, Corporation (www.mindtool.com). An archive of the CFCDev list is available at www.mail-archive.com/[EMAIL PROTECTED]
