Rob,
I have my own Linux servers and the control panel software I use creates new
vhost accounts with the webroot (public_html) as a subdirectory of the
user's home directory.  I think that's a fairly common setup but may differ,
especially on Windows.

If your host provides a way to set permissions (via .htaccess or the IIS
equivalent) on the directories then that's probably all you need.  It may be
worth moving everything you want to secure into a single directory in the
webroot and then per-app-mapping them, then you only have one directory to
secure.

2009/8/20 Sir Rawlins <[email protected]>

>
> Ok, speaking with the host's support desk they don't allow access above
> the webroot however they do allow me full permissions control over
> directories in the webroot which they said should allow me to make
> them web-inaccessible which keeps them safe.
>
> We'll see how that goes.
>
> Rob
>
> On 20 Aug, 16:40, Sir Rawlins <[email protected]>
> wrote:
> > Hello Chris,
> >
> > I'm not sure if the host supports access to files outside of the
> > webroot or not, I was working on the assumption that they didn't but
> > if you're working with one who does then perhaps I'll do a little more
> > research into the accounts we've been looking at.
> >
> > Cheers mate,
> >
> > Rob
> >
> > On 20 Aug, 16:15, Chris Blackwell <[email protected]> wrote:
> >
> >
> >
> > > does your shared hosting account give you access to any directory above the
> > > webroot? If it does you can move your framework and config files up a level,
> > > this is how I set up my MG apps
> > > ftp root
> > >  - public_html / wwwroot
> > >  - frameworks
> > >    - ModelGlue
> > >    - Reactor
> > >    - coldspring
> > >  - application
> > >    - config
> > >    - views
> > >    - model
> > >    - etc..
> >
> > > you can then per-app-map each of those directories, and with a few changes
> > > to paths, mainly in your index.cfm (using expandpath("/../")) it'll all
> > > work.
> >
> > > chris
> >
> > > 2009/8/20 Sir Rawlins <[email protected]>
> >
> > > > Hello Dan,
> >
> > > > Thanks for your advice on this, sorry for the late reply, I've been
> > > > away for the past few days.
> >
> > > > I've made this change to my xml files and appended all the paths
> > > > within my coldspring XML file to point to the new .xml.cfm paths
> > > > however it doesn't seem very happy creating Transfer like this:
> >
> > > >        <!-- ORM Adapter Configuration -->
> > > >        <!-- Create the Transfer Alias objects. -->
> > > >        <alias alias="ormAdapter" name="ormAdapter.Transfer" />
> > > >        <alias alias="ormService" name="ormService.Transfer" />
> >
> > > >        <!-- Create the transfer configuration object -->
> > > >        <bean id="transferConfiguration" class="transfer.com.config.Configuration">
> > > >                <constructor-arg name="datasourcePath"><value>/config/transfer/Datasource.xml.cfm</value></constructor-arg>
> > > >                <constructor-arg name="configPath"><value>/config/transfer/Transfer.xml.cfm</value></constructor-arg>
> > > >                <constructor-arg name="definitionPath"><value>/model/data/transfer</value></constructor-arg>
> > > >        </bean>
> >
> > > > And the exception which gets thrown looks like so:
> >
> > > > "Bean creation exception during init() of transfer.TransferFactory
> >
> > > > An error occured while Parsing an XML document.:The processing
> > > > instruction target matching "[xX][mM][lL]" is not allowed."
> >
> > > > Any ideas what this might be about?
> >
> > > > Another question I wanted to ask, is it deemed a security risk having
> > > > the /ColdSpring /Transfer /ModelGlue directories in the webroot?
> > > > should I be looking to rename these with some strange paths and then
> > > > use a per-app mapping to them? or are they safe to keep as they are?
> >
> > > > Cheers,
> >
> > > > Rob
> >
> > > > On 12 Aug, 18:43, Dan Wilson <[email protected]> wrote:
> > > > > Many people rename all their .xml config files to xml.cfm and put a comment
> > > > > near the top with a CFAbort.
> > > > > <!-- <cfabort /> -->
> >
> > > > > Like that.
> >
> > > > > DW
> >
> > > > > On Wed, Aug 12, 2009 at 12:30 PM, Sir Rawlins <
> >
> > > > > [email protected]> wrote:
> >
> > > > > > Hello Guys,
> >
> > > > > > I've got a small MG/CS/Transfer based project which I've been putting
> > > > > > together for a friend, pretty much done with things now and we're
> > > > > > going to be sticking them up on a bit of shared hosting space over the
> > > > > > next week or two.
> >
> > > > > > I've done all the usual checks with the host to ensure that the
> > > > > > frameworks will run on their space, they don't limit the use of cffile
> > > > > > or any of those tags so we should be good to go.
> >
> > > > > > I'm looking for your advice on how to secure my installation on a
> > > > > > shared hosting account as all files are effectively going to be in the
> > > > > > webroot. I'd imagine that masking the XML files as a somehow is pretty
> > > > > > much top of the list, should I also be giving the framework folders
> > > > > > random character names and then use per-app mappings to refer to them?
> >
> > > > > > I'd appreciate your thoughts on this.
> >
> > > > > > Rob
> >
> > > > > --
> > > > > “Come to the edge, he said. They said: We are afraid. Come to the edge, he
> > > > > said. They came. He pushed them and they flew.”
> >
> > > > > Guillaume Apollinaire quotes
> >
>
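
An added example, not code from this thread or from the Model-Glue project: a Python audit of a webroot for the conventions discussed above. It flags plain `.xml` files, `.xml.cfm` files with no `<cfabort>` guard, and files whose XML declaration is not the first thing in the file, which is a well-formedness error that Java XML parsers report with the "[xX][mM][lL]" message quoted in the thread. The sample tree is constructed, and `ColdSpring.xml` and `ModelGlue.xml.cfm` are assumed file names.

```python
import re
import tempfile
from pathlib import Path

RAW_XML = "raw .xml is served verbatim"
NO_GUARD = "no <cfabort> guard in the file"
LATE_DECL = "XML declaration is not the first thing in the file"
GUARD = re.compile(rb"<cfabort\b", re.IGNORECASE)
XML_DECL = re.compile(rb"<\?xml\s", re.IGNORECASE)
BOM = b"\xef\xbb\xbf"

SAMPLE = {  # constructed sample files, not the thread's project
    "config/ColdSpring.xml": b'<?xml version="1.0"?>\n<beans/>\n',
    "config/transfer/Datasource.xml.cfm":
        b'<!-- <cfabort /> -->\n<?xml version="1.0"?>\n<datasources/>\n',
    "config/transfer/Transfer.xml.cfm":
        BOM + b'<?xml version="1.0"?>\n<!-- <cfabort /> -->\n<transfer/>\n',
    "config/ModelGlue.xml.cfm": b"<modelglue/>\n",
}

def audit_file(name, data):
    """Return the findings for one file, judged by its name and bytes."""
    name, findings = name.lower(), []
    if name.endswith(".xml"):
        findings.append(RAW_XML)  # the web server hands this out as text
    elif name.endswith(".xml.cfm"):
        if not GUARD.search(data):
            findings.append(NO_GUARD)  # the CFML engine would emit the file
        body = data[len(BOM):] if data.startswith(BOM) else data  # BOM is legal
        decl = XML_DECL.search(body)
        if decl and decl.start() != 0:  # e.g. the guard comment was put first
            findings.append(LATE_DECL)
    return findings

def audit_webroot(root):
    """Map each flagged path (relative to root) to its findings."""
    files = (p for p in Path(root).rglob("*") if p.is_file())
    report = {p.relative_to(root).as_posix(): audit_file(p.name, p.read_bytes()) for p in files}
    return {rel: found for rel, found in report.items() if found}

def run_sample():
    """Write SAMPLE into a temporary directory and audit it."""
    with tempfile.TemporaryDirectory() as root:
        for rel, data in SAMPLE.items():
            target = Path(root, rel)
            target.parent.mkdir(parents=True, exist_ok=True)
            target.write_bytes(data)
        return audit_webroot(root)
```

Call `audit_webroot()` on a local copy of the site before upload; `run_sample()` shows the three findings on the constructed tree.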

You received this message because you are subscribed to the Google
Groups "model-glue" group.