7 Replies Latest reply on Jul 30, 2009 11:10 AM by BKBK

    Application.cfc importing variables

    TiGGi Level 1

      Hi all
      In my application.cfc I have:

      <cffunction name="onApplicationStart" returnType="boolean" output="false">
          <cfscript>
              Application.DNS = "BS";
              Application.SitePath = "D:\Sites\FF";
              Application.IPP = "10";
              Application.SiteName = "meta site name";
              Application.SiteKeywords = "equipmnet";
              Application.SiteDescription = "Meta Description";
              Application.SiteLogo = "logo.gif";
              Application.Key = "myzlvEmrSbUcyDFdwdfsdfsdfE";
          </cfscript>
          <cfreturn true>
      </cffunction>


      I would like to move these variables into a file outside the site folder. How can I import this file into application.cfc again and set application variables?

        • 1. Re: Application.cfc importing variables
          Stressed_Simon Level 1

          Well there are many ways to go about this.

           

          1. Load them from the database and then set them into application scope.
          2. Create a configuration file that has them in, read that off the file system and then set them into application scope.

           

          It really depends what you are trying to do. Is it because you are in a shared hosting and do not want these settings in an easily read text file? Or is there some other reason?

          • 2. Re: Application.cfc importing variables
            BKBK Adobe Community Professional & MVP

            How can I import this file into application.cfc again and set application variables?

             

            Why would you want to do that?

            • 3. Re: Application.cfc importing variables
              TiGGi Level 1

              The reason I want to do this is to hide some sensitive data from that application.cfc file and place it somewhere off the site.

              • 4. Re: Application.cfc importing variables
                sean69 Level 1

                You can do a few things. A cffile tag should be able to read something outside the web root. Generally any shared hosting gives you that for the exact purpose.

                 

                next - if you are really paranoid about it, store your parameters either encoded or encrypted, then decrypt before reading into the application scope -

                 

                most of that stuff does not look sensitive enough to be worth the bother, maybe the key value ...  but you could also store the params in a database [cept for the dsn]

                 

                -sean
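
The configuration-file approach suggested in replies 1 and 4, as an added example that is not part of the original thread. The application name, the `D:\Config\FF\settings.ini` path, the `[site]` section and the INI layout are assumptions, and the key value shown is a placeholder.

```cfml
<!--- Application.cfc (added example; names, paths and the INI layout are assumptions) --->
<!--- Constructed D:\Config\FF\settings.ini, kept outside the web root:
      [site]
      DNS=BS
      SitePath=D:\Sites\FF
      IPP=10
      Key=PLACEHOLDER_NOT_A_REAL_KEY --->
<cfcomponent output="false">
    <cfset this.name = "FF">

    <cffunction name="onApplicationStart" returnType="boolean" output="false">
        <cfset var iniPath  = "D:\Config\FF\settings.ini">
        <cfset var section  = "site">
        <!--- Allow-list: only these entries are ever copied into the Application scope --->
        <cfset var allowed  = "DNS,SitePath,IPP,Key">
        <cfset var sections = "">
        <cfset var name     = "">
        <cfset var value    = "">

        <!--- Error messages deliberately omit the path so a leaked error page does not reveal it --->
        <cfif NOT fileExists(iniPath)>
            <cfthrow type="Config.Missing" message="Settings file not found.">
        </cfif>

        <!--- getProfileSections returns a struct: section name -> comma-delimited entry names --->
        <cfset sections = getProfileSections(iniPath)>
        <cfif NOT structKeyExists(sections, section)>
            <cfthrow type="Config.Invalid" message="Settings section is missing.">
        </cfif>

        <cfloop list="#allowed#" index="name">
            <cfset value = trim(getProfileString(iniPath, section, name))>
            <!--- Fail closed: refuse to start with a missing or empty setting --->
            <cfif NOT len(value)>
                <cfthrow type="Config.Invalid" message="Required setting #name# is missing or empty.">
            </cfif>
            <cfset Application[name] = value>
        </cfloop>

        <cfreturn true>
    </cffunction>
</cfcomponent>
```

Because the settings file sits outside the web root it cannot be requested over HTTP; restricting its file-system permissions to the ColdFusion service account covers the other readers on the same host.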

                • 5. Re: Application.cfc importing variables
                  BKBK Adobe Community Professional & MVP
                  The reason I want to do this is to hide some sensitive data from that application.cfc file and place it somewhere off the site.

                   

                  Two things. First, Application.cfc is safe when handled in the usual way. In particular, it is safe to write the following in onApplicationStart:

                   

                  <cfset mySensitiveData = 'abracadabra'>

                   

                  Secondly, no matter how you import the data, you will still have to expose it by writing code similar to that one. You would therefore have gone to all the trouble for nothing.

                  • 6. Re: Application.cfc importing variables
                    sean69 Level 1
                    Application.cfc is safe when handled in the usual way.

                     

                    Yes - true enough from a CF standpoint, though I would imagine that it would be possible to read an application.cfc via php or something else that's not cf...  maybe he's got other people in there with ftp access as well ...

                     

                    who knows...

                     

                    just encrypt it.

                    • 7. Re: Application.cfc importing variables
                      BKBK Adobe Community Professional & MVP

                      Yes - true enough from a CF standpoint, though I would imagine that
                      it would be possible to read an application.cfc via php or something
                      else that's not cf...  maybe he's got other people in there with ftp
                      access as well ...

                       

                      who knows...

                      I was thinking particularly about importing files, reading them and setting application variables. In any case, I would gladly turn the subject on its head.

                       

                      Suppose your Application.cfc is composed in the usual, recommended way. It is under the web root and you publish its content. What are the possibilities for someone to use it to compromise your site?

                       

                      Minimal, absolutely minimal. The security of the ColdFusion platform is mature enough -- in fact, more mature than most! -- to cope with this situation. In my experience, developer colleagues should be more worried about exposing code like this in their components:

                       

                      <cfif noOfComplaints GT 0>

                           <cfset isAShitCustomer = TRUE>

                      </cfif>