Noam,
Again. Great stuff.
So, given what you're stating, we would actually have an n-tier fusebox
solution? We could keep building request.CallerFuseAction by adding to it as
it passes through each sub-app....couldn't we?
Sounds good to me! We need to standardize on this stuff as this is a big
step toward portability and reuse :) Plug and play fusebox!
Phil
-----Original Message-----
From: BOROVOY Noam
To: '[EMAIL PROTECTED]'
Sent: 7/21/00 9:45 AM
Subject: RE: Nested Fuesbox apps (also RE: Other security considerations a
nd fusebox methodologies...)
> How about refining the method to allow any fusebox to nest any other
> fusebox
> and allow all links to be built automatically:
>
> If the variable request.CallerFuseAction is defined then all links can
be
> built using:
>
> fuseaction for links: request.CallerFuseAction &".ChildFuseAction"
> Which then will be passed to the CGI.ScriptName which will be the top
> level
> Index.cfm
> Such as: <A
>
href="#CGI.ScriptName#?fuseaction=#request.CallerFuseAction#.ChildAction
"
>
> So an example for a three level nesting:
> BookStore.Cart.AddItem
> The top level index.cfm has an action store which forwards to the
store
> sub
> directory index.cfm with the action:
> Cart.AddItem
> Which in turn forward to Cart sub directory index.cfm with the action:
> AddItem
>
> This way the top level index.cfm files each only have a single case
> statement for each child fusebox and they append this fuseaction to
the
> request.CallerFuseAction so that each included sub fusebox knows how
to
> build the links properly without having to hard code them.
>
> With this and RFA's (return fuseactions) you could easily reuse
modules at
> any level without needing to know the internals of what you are
including.
>
> Let me know what you think,
> Noam
>
> ----------
> From: Paul Johnston [SMTP:[EMAIL PROTECTED]]
> Sent: Friday, 21 July 2000 11:49
> To: '[EMAIL PROTECTED]'
> Subject: Other security considerations and fusebox
methodologies...
>
> This message is in MIME format. Since your mail reader does not
> understand
> this format, some or all of this message may not be legible.
>
> ------_=_NextPart_001_01BFF2F8.E2DE9092
> Content-Type: text/plain;
> charset="iso-8859-1"
>
> I am quite new to fusebox, but already build everything I now do
(if
> it is
> slightly big) using the methodology.
>
> I have a couple of questions. If someone with knowledge of
fusebox
> comes
> along to try to hack a site (just say it could happen...) then
if
> they just
> played around with a few "dsp_<a name>.cfm" like dsp_index.cfm
they
> could
> quite happily hack the code around and maybe hit upon errors
giving
> them
> path information on the computer... and so on until hacked
computer!
>
> Not using an Application.cfm file that these files have no
> protection unless
> built into the pages (with a <cfinclude template="blah.cfm"> or
> something)
> at the top.
>
> Are there any suggestions as to how to get round this? Is there
a
> convention? Has anyone had this problem?
>
> Also, I have tried to build subfuse applications (fusebox under
> fusebox),
> using the fusebox1.fusebox2.fuseaction notation mentioned last
week,
> but I
> can't get it to work. Please could someone send me some code
(and
> I'm sure
> other newbies would like to see it!) to explain this better. I
get
> the
> idea, but can't get it to work. The main issue being how to
> reference the
> Given that I am paid for doing work, I have had to scrap the
> notation to
> finish the job quick so there is no code.
>
> Also, maybe there should be a slightly better way of passing the
> "calling"
> fusebox. Example, create a custom tag in fusebox, and then,
without
> changing the fuseaction calls to include the extra fuseaction,
how
> do you
> call a fusebox app, from beneath it and still keep the dot
notation
> up to
> date? I can see the point if building an application from
scratch,
> but
> recoding a fusebox several times to work with different
fuseboxes
> underneath
> it seems silly. Maybe need some kind of calling methodology to
be
> worked
> out. It could have big implications on site building - ie you
could
> just
> pick up a fusebox to use as your site template and have it call
> other
> fuseboxes specified by you (maybe as a custom tag attribute???).
>
> Anyway, lots to chew on, and may well not be that clear.
>
> See you
>
> Paul
>
> ------_=_NextPart_001_01BFF2F8.E2DE9092
> Content-Type: text/html;
> charset="iso-8859-1"
> Content-Transfer-Encoding: quoted-printable
>
> <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
> <HTML>
> <HEAD>
> <META HTTP-EQUIV=3D"Content-Type" CONTENT=3D"text/html; =
> charset=3Diso-8859-1">
> <META NAME=3D"Generator" CONTENT=3D"MS Exchange Server version =
> 5.5.2650.12">
> <TITLE>Other security considerations and fusebox =
> methodologies...</TITLE>
> </HEAD>
> <BODY>
>
> <P><FONT SIZE=3D2>I am quite new to fusebox, but already build =
> everything I now do (if it is slightly big) using the =
> methodology.</FONT>
> </P>
>
> <P><FONT SIZE=3D2>I have a couple of questions. If someone
> with =
> knowledge of fusebox comes along to try to hack a site (just say
it
> =
> could happen...) then if they just played around with a few =
> "dsp_<a name>.cfm" like dsp_index.cfm they could
> quite =
> happily hack the code around and maybe hit upon errors giving
them
> path =
> information on the computer... and so on until hacked =
> computer!</FONT></P>
>
> <P><FONT SIZE=3D2>Not using an Application.cfm file that these
files
> =
> have no protection unless built into the pages (with a
<cfinclude
> =
> template=3D"blah.cfm"> or something) at the =
> top.</FONT></P>
>
> <P><FONT SIZE=3D2>Are there any suggestions as to how to get
round =
> this? Is there a convention? Has anyone had this problem?</FONT>
> </P>
>
> <P><FONT SIZE=3D2>Also, I have tried to build subfuse
applications =
> (fusebox under fusebox), using the fusebox1.fusebox2.fuseaction
=
> notation mentioned last week, but I can't get it to work.
> Please =
> could someone send me some code (and I'm sure other newbies
would
> like =
> to see it!) to explain this better. I get the idea, but
can't
> get =
> it to work. The main issue being how to reference the
Given
> that =
> I am paid for doing work, I have had to scrap the notation to
finish
> =
> the job quick so there is no code.</FONT></P>
>
> <P><FONT SIZE=3D2>Also, maybe there should be a slightly better
way
> of =
> passing the "calling" fusebox. Example, create a
> custom =
> tag in fusebox, and then, without changing the fuseaction calls
to =
> include the extra fuseaction, how do you call a fusebox app,
from =
> beneath it and still keep the dot notation up to date? I
can
> see =
> the point if building an application from scratch, but recoding
a =
> fusebox several times to work with different fuseboxes
underneath it
> =
> seems silly. Maybe need some kind of calling methodology
to be
> =
> worked out. It could have big implications on site building - ie
you
> =
> could just pick up a fusebox to use as your site template and
have
> it =
> call other fuseboxes specified by you (maybe as a custom tag =
> attribute???).</FONT></P>
>
> <P><FONT SIZE=3D2>Anyway, lots to chew on, and may well not be
that
> =
> clear.</FONT>
> </P>
>
> <P><FONT SIZE=3D2>See you</FONT>
> </P>
>
> <P><FONT SIZE=3D2>Paul</FONT>
> </P>
>
> </BODY>
> </HTML>
> ------_=_NextPart_001_01BFF2F8.E2DE9092--
>
>
------------------------------------------------------------------------
--
> --
> --
> To Unsubscribe visit
>
http://www.houseoffusion.com/index.cfm?sidebar=lists&body=lists/fusebox
or
> send a message to [EMAIL PROTECTED] with 'unsubscribe'
in
> the body.
>
------------------------------------------------------------------------
------
To Unsubscribe visit
http://www.houseoffusion.com/index.cfm?sidebar=lists&body=lists/fusebox
or send a message to [EMAIL PROTECTED] with
'unsubscribe' in the body.
------------------------------------------------------------------------------
To Unsubscribe visit
http://www.houseoffusion.com/index.cfm?sidebar=lists&body=lists/fusebox or send a
message to [EMAIL PROTECTED] with 'unsubscribe' in the body.
