Tom Chiverton skreiv:
> On Friday 12 Oct 2007, [EMAIL PROTECTED] wrote:
>> <CFSET Application.Reactor = CreateObject("Component",
>> "reactor.reactorFactory").init(expandPath("reactor.xml")) />
>>
>> My application.cfc, reactor.xml file, and Reactor folder are in the web
>> root, so we can use it site wide.
>
> .init("/reactor.xml")
Yeah. Doing it that way is a bad idea though. With reactor.xml in your
web-root you expose a lot of information that you may not want to
disclose to anyone who visits http://yourdomain/reactor.xml
It contains, for example, datasource, username and password for your
database (it can anyway), aswell as tablenames, fieldnames and relations
between them. This latter ain't really "secret" as such, but knowing
them makes sql-injection attacks a lot easier.
Eivind Kjørstad
-- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- --
Reactor for ColdFusion Mailing List
[EMAIL PROTECTED]
Archives at: http://www.mail-archive.com/reactor%40doughughes.net/
-- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- --
