|
hello,
may be your client thinks that the the mach-ii.xml
file, which drive the app, can be easily modified by a malicious
hacker: you can move this file, and views too as they are <cfimport>-ed,
in a folder outside of site root; you can also
map another folder, say com, that contains the framework and, for each app,
subfolders containing all cfc's: listeners, BO,DAO's etc: this way only index.cfm and application.cfm are
exposed.
Bye
salvatore
|
- Re: [CFCDev] implicit invocation security concerns Salvatore Fusto
- RE: [CFCDev] implicit invocation security concerns SBarnes
- [CFCDev] When to Use Composition (Was: Newbie a... Patrick McElhaney
- Re: [CFCDev] When to Use Composition (Was: ... Doug Keen
- Re: [CFCDev] When to Use Composition (W... Greg Stewart
- Re: [CFCDev] When to Use Compositi... Doug Keen
- Re: [CFCDev] When to Use Compo... Bill Rawlinson
- Re: [CFCDev] When to Use Compo... Greg Stewart
- Re: [CFCDev] When to Use Compositi... Patrick McElhaney
- RE: [CFCDev] When to Use Compo... Brian Kotek
- Re: [CFCDev] When to Use C... Doug Keen
