Legend

Question

Read application variables from components outside webroot

Forum|Forum|8 years ago
August 28, 2017
2 replies
456 views

Hello, all,

I'm trying to set up our projects so that the components folder will not be inside webroot, primarily due to bots attempting to spider our site and generating error emails every time they get to our components folder.

One thing that I've noticed (and it makes sense) is that application variables are not available to the components when the components are not in webroot. For example, I have a CFTRY/CFCATCH set up in a function that will email the error information to us. The "to" attribute is set to "application.errorEmail" which is set to my email address in application.cfc, but the components outside webroot can't get application.errorEmail.

Will I have to manually set application variables in the components in order to keep them out of webroot? Or is there a simpler way to get the application variables to the components?

V/r,

^ _ ^

This topic has been closed for replies.

BKBK

Community Expert

Something got me wondering.

WolfShade wrote
I'm trying to set up our projects so that the components folder will not be inside webroot, primarily due to bots attempting to spider our site and generating error emails every time they get to our components folder.

You could just configure your Robots.txt file to prevent bots from crawling parts of your website.

WolfShadeAuthor

Legend

Reputable search engines will comply with robots.txt. Sadly, not all search engines are reputable. That would stop maybe 10% of all the bots on the internet. There are many who completely ignore robots.txt.

Also, Robots.txt will not stop users from trying to spider and find the components folder and access them directly. Only placing the components folder outside of the webroot will prevent direct unauthorized access to the functions.

V/r,

^ _ ^

BKBK

Community Expert

In my opinion, it is generally poor design to set an application variable in a component. That is because it increases coupling.

You could improve the design by passing any application variables to the component. Something like this,

</cffunction>

</cfcomponent>

WolfShadeAuthor

Legend

Hi, BKBK,

There are too many application variables for me to pass all of them to each component. And this is being accessed via AJaX for a form submit. Some of the application variables are email addresses, some are DSN names. I'm not sure I feel 'secure' sending that information via AJaX.

I guess what I was hoping for would be for a way to either CFINCLUDE the root application.cfc, or somehow extend the root application.cfc into the out-of-webroot components folder. Are you aware of any way to do either?

V/r,

^ _ ^

BKBK

Community Expert

WolfShade wrote
There are too many application variables for me to pass all of them to each component.

Then you could pass just one variable, the application scope. That is, the structure.

And this is being accessed via AJaX for a form submit. Some of the application variables are email addresses, some are DSN names. I'm not sure I feel 'secure' sending that information via AJaX.

AJAX? I was only thinking of an init() to instantiate the component object. I am assuming that your application accesses the component via a mapping that you have created to point to the CFC folder.

Sign up

To post, reply, or follow discussions, please sign in with your Adobe ID.

Sign in to Adobe Community

To post, reply, or follow discussions, please sign in with your Adobe ID.

Scanning file for viruses.

This file cannot be downloaded