Inspiring

Question

protecting your include pages ?

Forum|Forum|15 years ago
June 10, 2010
4 replies
914 views

So I have a folder called include, which contains several .cfm files which get included at various points.

one of them for example inserts records into the orders table

what's the best method to employ so that if anyone accidentally tried to open this file in their browser, nothing happens ?

eg. is there a way to check at the start of the code which page opened the included file ?

I can dot this

insert rows...

Perhaps, I should convert the pages to custom tags ? Just need a bit of advice on the subject.

Getting started

This topic has been closed for replies.

C

ColdSteel2

Participating Frequently

Dax maight be going about this wrong. However, there is and easy solution:

ilssac

Inspiring

As Adam alluded to. Your Include files do not need to be under the web root. Move them somewhere else in the file system outside the web root, then it is impossible for anybody to access through a normal web connection.

D

Dax_TrajeroAuthor

Inspiring

What if I turn the include files into custom tags ? In this case updateCart.cfm ?

</cfif>

A

Adam Cameron.

Inspiring

What if I turn the include files into custom tags ? In this case updateCart.cfm ?
<cfif isDefined ("form.submit")>
     <cfif form.submit EQ "update cart">
          <cfinclude "updateCart.cfm">
     </cfif>
</cfif>

Huh?

--

Adam

D

Dan_Bracuk

Inspiring

I'm not sure about the details, but I think you can do something with the folder's permissions.

A

Adam Cameron.

Inspiring

You're getting this around the wrong way slightly, I think.

Only files that are intended to be web browseable should be in your web server's doc root. Everything else (which should be most files) should not be.

--

Adam

Sign up

To post, reply, or follow discussions, please sign in with your Adobe ID.

Sign in to Adobe Community

To post, reply, or follow discussions, please sign in with your Adobe ID.

Scanning file for viruses.

This file cannot be downloaded