Hi all
In my application.cfc I have:
I would like to move these variables into a file outside the site folder. How can I import this file into application.cfc again and set application variables?
Well there are many ways to go about this.
It really depends on what you are trying to do. Is it because you are on shared hosting and do not want these settings in an easily read text file? Or is there some other reason?
How can I import this file into application.cfc again and set application variables?
Why would you want to do that?
The reason I want to do this is to hide some sensitive data from that application.cfc file and place it somewhere off the site.
You can do a few things. A cffile tag should be able to read something outside the web root. Generally, any shared hosting gives you that for the exact purpose.
Next, if you are really paranoid about it, store your parameters either encoded or encrypted, then decrypt before reading into the application scope.
Most of that stuff does not look sensitive enough to be worth the bother, maybe the key value ... but you could also store the params in a database [except for the dsn]
-sean
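Added example, not code from any poster in this thread: one way to do what the reply above describes, reading a settings file from outside the web root in onApplicationStart and decrypting one value before it goes into the application scope. The directory layout, the file name `appsettings.json`, the JSON field names and the environment variable `APP_CONFIG_KEY` are all assumptions.

```cfml
// Application.cfc (added example; paths and names below are assumptions)
component {
    this.name = "exampleApp";

    public boolean function onApplicationStart() {
        // Assumption: this Application.cfc sits in the web root, so
        // ../private is a sibling directory that no URL maps to.
        var webRoot    = getDirectoryFromPath(getCurrentTemplatePath());
        var configPath = webRoot & "../private/appsettings.json";

        if (!fileExists(configPath)) {
            throw(type="Config.Missing", message="Settings file not found outside the web root.");
        }

        // Constructed sample content of appsettings.json:
        // { "dsn": "exampleDsn",
        //   "adminEmail": "admin@example.invalid",
        //   "apiKeyEnc": "<Base64 output of encrypt()>" }
        var settings = deserializeJSON(fileRead(configPath, "utf-8"));

        // Non-secret settings go straight into the application scope.
        application.dsn        = settings.dsn;
        application.adminEmail = settings.adminEmail;

        // The AES key (Base64, as produced by generateSecretKey("AES")) is
        // read from an environment variable, so it is stored neither in
        // Application.cfc nor next to the ciphertext it protects.
        var aesKey = createObject("java", "java.lang.System").getenv("APP_CONFIG_KEY");
        if (isNull(aesKey) || !len(aesKey)) {
            throw(type="Config.NoKey", message="APP_CONFIG_KEY is not set.");
        }

        // Fail at startup rather than run with a half-loaded configuration.
        application.apiKey = decrypt(settings.apiKeyEnc, aesKey, "AES/CBC/PKCS5Padding", "Base64");
        return true;
    }
}
```

The stored `apiKeyEnc` value is produced once, offline, with `encrypt(plainText, key, "AES/CBC/PKCS5Padding", "Base64")` using the same key.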
The reason I want to do this is to hide some sensitive data from that application.cfc file and place it somewhere off the site.
Two things. First, Application.cfc is safe when handled in the usual way. In particular, it is safe to write the following in onApplicationStart:
<cfset mySensitiveData = 'abracadabra'>
Secondly, no matter how you import the data, you will still have to expose it by writing code similar to that one. You would therefore have gone to all the trouble for nothing.
Application.cfc is safe when handled in the usual way.
Yes - true enough from a CF standpoint, though I would imagine that it would be possible to read an application.cfc via php or something else that's not cf... maybe he's got other people in there with ftp access as well ...
who knows...
just encrypt it.
Yes - true enough from a CF standpoint, though I would imagine that
it would be possible to read an application.cfc via php or something
else that's not cf... maybe he's got other people in there with ftp
access as well ...who knows...
I was thinking particularly about importing files, reading them and setting application variables. In any case, I would gladly turn the subject on its head.
Suppose your Application.cfc is composed in the usual, recommended way. It is under the web root and you publish its content. What are the possibilities for someone to use it to compromise your site?
Minimal, absolutely minimal. The security of the ColdFusion platform is mature enough -- in fact, more mature than most! -- to cope with this situation. In my experience, developer colleagues should be more worried about exposing code like this in their components:
<cfif noOfComplaints GT 0>
<cfset isAShitCustomer = TRUE>
</cfif>