Several pieces of ColdFusion functionality - media player and multi file uploader - are predicated on JavaScript libraries being available at /CFIDE/scripts, even if the scriptsrc is configured in Application.cfc. See the bug here for a point of reference: http://www.elliottsprehn.com/cfbugs/bugs/83328
Unfortunately exposing the CFIDE directory as-is from a ColdFusion installation is a security risk. So I'm trying to decide the right path forward to enable my application's use of this functionality whilst not exposing this hole. The wrinkle is that I am shipping a product so I am trying to imagine a solution that I can either automate with an installer or document easily enough that a system administrator should have no trouble setting up.
These are the options I've come up with:
- Document to, or have the installer, create an empty directory and virtually map it as /CFIDE. Copy the contents of the scripts folder from the ColdFusion installation beneath it.
- Distribute just the files I need modified and ensure the referenced .swfs are in whatever location it's changed to (paths are relative to CFIDE/scripts):
  - /ajax/package/cffileupload_swf.js
  - /ajax/package/cfmediaplayer.js
Which option seems better? Or do you have a better idea?
You could simply map the full scripts folder. Rather than map /CFIDE, map /CFIDE/scripts. This would expose the scripts folder, but /CFIDE wouldn't exist at all.
Another similar option is to copy the scripts folder to somewhere "common" and again create a /CFIDE/scripts mapping to this folder.
Both of these solutions are virtually identical, but the second is probably better for the truly paranoid.
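The second suggestion in the answer above (copy the scripts folder somewhere common, then map only /CFIDE/scripts to it), written out as an added example that is not part of the original thread. It assumes a POSIX shell and Apache 2.4; the function names and all paths are hypothetical.

```shell
#!/bin/sh
# Added example (not from the thread). Function names and paths are assumptions.

# Files the question says the uploader and media player need,
# relative to CFIDE/scripts.
REQUIRED_FILES="ajax/package/cffileupload_swf.js ajax/package/cfmediaplayer.js"

# stage_cf_scripts <cf_webroot> <dest>
# Copy only <cf_webroot>/CFIDE/scripts to <dest>; nothing else under CFIDE.
stage_cf_scripts() {
    src="$1/CFIDE/scripts"
    dest="$2"
    [ -d "$src" ] || { echo "missing $src" >&2; return 1; }
    # A destination inside CFIDE would defeat the point of the copy.
    case "$dest" in
        "$1"/CFIDE|"$1"/CFIDE/*) echo "dest must be outside CFIDE" >&2; return 1 ;;
    esac
    mkdir -p "$dest" || return 1
    cp -R "$src"/. "$dest"/ || return 1
    # Confirm the files the product depends on made it into the copy.
    for f in $REQUIRED_FILES; do
        [ -f "$dest/$f" ] || { echo "missing $f in copy" >&2; return 1; }
    done
}

# emit_alias_conf <dest>
# Print an Apache 2.4 fragment that maps /CFIDE/scripts only, so the rest
# of /CFIDE is never mapped. <dest> must be an absolute path.
emit_alias_conf() {
    cat <<EOF
Alias /CFIDE/scripts "$1"
<Directory "$1">
    Options None
    AllowOverride None
    Require all granted
</Directory>
EOF
}

# Stand-alone use: sh stage.sh <cf_webroot> <dest> > cfide-scripts.conf
if [ "$#" -eq 2 ]; then
    stage_cf_scripts "$1" "$2" && emit_alias_conf "$2"
fi
```

An installer can run the staging step and drop the generated fragment into the web server's include directory; a system administrator can do the same two steps by hand.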