Ok, speaking with the hosts support desk they don't allow access above the webroot however they do allow me to full permissions control over directories in the webroot which they said should allow me to make them web-inaccessible which keeps them safe.
We'll see how that goes. Rob On 20 Aug, 16:40, Sir Rawlins <[email protected]> wrote: > Hello Chris, > > I'm not sure if the host supports access to files outside of the > webroot or not, I was working on the assumption that they didn't but > if you're working with one who does then perhaps I'll do a little more > research into the accounts we've been looking at. > > Cheers mate, > > Rob > > On 20 Aug, 16:15, Chris Blackwell <[email protected]> wrote: > > > > > does your shared hosting account give you access to any directory above the > > webroot? If it does you can move your framework and config files up a level, > > this is how i setup my MG apps > > ftp root > > - public_html / wwwroot > > - frameworks > > - ModelGlue > > - Reactor > > - coldspring > > - application > > - config > > - views > > - model > > - etc.. > > > you can then per-app-map each of those directories, and with a few changes > > to paths, mainly in your index.cfm (using expandpath("/../")) it'll all > > work. > > > chris > > > 2009/8/20 Sir Rawlins <[email protected]> > > > > Hello Dan, > > > > Thanks for your advice on this, sorry for the late reply, I've been > > > away for the past few days. > > > > I've made this change to my xml files and appended all the paths > > > within my coldspring XML file to point to the new .xml.cfm paths > > > however it doesn't seem very happy creating Transfer like this: > > > > <!-- ORM Adapter Configuration --> > > > <!-- Create the Transfer Alias objects. --> > > > <alias alias="ormAdapter" name="ormAdapter.Transfer" /> > > > <alias alias="ormService" name="ormService.Transfer" /> > > > > <!-- Create the transfer configuration object --> > > > <bean id="transferConfiguration" > > > class="transfer.com.config.Configuration"> > > > <constructor-arg > > > name="datasourcePath"><value>/config/transfer/ > > > Datasource.xml.cfm</value></constructor-arg> > > > <constructor-arg name="configPath"><value>/config/transfer/ > > > Transfer.xml.cfm</value></constructor-arg> > > > <constructor-arg > > > name="definitionPath"><value>/model/data/transfer</ > > > value></constructor-arg> > > > </bean> > > > > And the exception which gets thrown looks like so: > > > > "Bean creation exception during init() of transfer.TransferFactory > > > > An error occured while Parsing an XML document.:The processing > > > instruction target matching "[xX][mM][lL]" is not allowed." > > > > Any ideas what this might be about? > > > > Another questions I wanted to ask, is it deemed a security risk having > > > the /ColdSpring /Transfer /ModelGlue directories in the webroot? > > > should I be looking to rename these with some strange paths and then > > > use a per-app mapping to them? or are they safe to keep as they are? > > > > Cheers, > > > > Rob > > > > On 12 Aug, 18:43, Dan Wilson <[email protected]> wrote: > > > > Many people rename all their .xml config files to xml.cfm and put a > > > comment > > > > near the top with a CFAbort. > > > > <!-- <cfabort /> --> > > > > > Like that. > > > > > DW > > > > > On Wed, Aug 12, 2009 at 12:30 PM, Sir Rawlins < > > > > > [email protected]> wrote: > > > > > > Hello Guys, > > > > > > I've got a small MG/CS/Transfer based project which I've been putting > > > > > together for a friend, pretty much done with things now and we're > > > > > going to be sticking them up on a bit of shared hosting space over the > > > > > next week or two. > > > > > > I've done all the usual checks with the host to ensure that the > > > > > frameworks will run on their space, they don't limit the use of cffile > > > > > or any of those tags so we should be good to go. > > > > > > I'm looking for your advice on how to secure my installation on a > > > > > shared hosing account as all files are effectively going to be in the > > > > > webroot. I'd imagine that masking the XML files as a somehow is pretty > > > > > much top of the list, should I also be giving the framework folders > > > > > random character names and then use per-app mappings to refer to them? > > > > > > I'd appreciate your thoughts on this. > > > > > > Rob > > > > > -- > > > > “Come to the edge, he said. They said: We are afraid. Come to the edge, > > > he > > > > said. They came. He pushed them and they flew.” > > > > > Guillaume Apollinaire quotes --~--~---------~--~----~------------~-------~--~----~ Model-Glue Sites: Home Page: http://www.model-glue.com Documentation: http://docs.model-glue.com Bug Tracker: http://bugs.model-glue.com Blog: http://www.model-glue.com/blog You received this message because you are subscribed to the Google Groups "model-glue" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/model-glue?hl=en -~----------~----~----~----~------~----~------~--~---
