• Global community
    • Language:
      • Deutsch
      • English
      • Español
      • Français
      • Português
  • 日本語コミュニティ
    Dedicated community for Japanese speakers
  • 한국 커뮤니티
    Dedicated community for Korean speakers
Exit
0

Read application variables from components outside webroot

LEGEND ,
Aug 28, 2017 Aug 28, 2017

Copy link to clipboard

Copied

Hello, all,

I'm trying to set up our projects so that the components folder will not be inside webroot, primarily due to bots attempting to spider our site and generating error emails every time they get to our components folder.

One thing that I've noticed (and it makes sense) is that application variables are not available to the components when the components are not in webroot.  For example, I have a CFTRY/CFCATCH set up in a function that will email the error information to us.  The "to" attribute is set to "application.errorEmail" which is set to my email address in application.cfc, but the components outside webroot can't get application.errorEmail.

Will I have to manually set application variables in the components in order to keep them out of webroot?  Or is there a simpler way to get the application variables to the components?

V/r,

^ _ ^

Views

348

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Community Expert ,
Aug 29, 2017 Aug 29, 2017

Copy link to clipboard

Copied

In my opinion, it is generally poor design to set an application variable in a component. That is because it increases coupling.

You could improve the design by passing any application variables to the component. Something like this,

<cfcomponent >

    <cfset variables.appVar = "">

   

    <!--- Call init when creating object instances, ensuring each will have a copy of appVar --->

    <cffunction name="init" returntype="any">

        <cfargument name="appVar">   

          <cfset variables.appVar = arguments.appVar>

        <cfreturn this>

    </cffunction>

</cfcomponent>

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
LEGEND ,
Aug 29, 2017 Aug 29, 2017

Copy link to clipboard

Copied

Hi, BKBK​,

There are too many application variables for me to pass all of them to each component.  And this is being accessed via AJaX for a form submit.  Some of the application variables are email addresses, some are DSN names.  I'm not sure I feel 'secure' sending that information via AJaX.

I guess what I was hoping for would be for a way to either CFINCLUDE the root application.cfc, or somehow extend the root application.cfc into the out-of-webroot components folder.  Are you aware of any way to do either?

V/r,

^ _ ^

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Community Expert ,
Aug 31, 2017 Aug 31, 2017

Copy link to clipboard

Copied

WolfShade  wrote

There are too many application variables for me to pass all of them to each component. 

Then you could pass just one variable, the application scope. That is, the structure.

And this is being accessed via AJaX for a form submit.  Some of the application variables are email addresses, some are DSN names.  I'm not sure I feel 'secure' sending that information via AJaX.

AJAX? I was only thinking of an init() to instantiate the component object. I am assuming that your application accesses the component via a mapping that you have created to point to the CFC folder.

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
LEGEND ,
Aug 31, 2017 Aug 31, 2017

Copy link to clipboard

Copied

LATEST

I'm using CFAJAXPROXY to bring the CFCs into JavaScript.

<cfajaxproxy cfc="components.ERC" jsclassname="ERC" />

...

<script>

var thisComponent = new ERC();

var postData = $('#' + formObjId).serializeArray();

function displayResult(res){  ... }

function displayFailed(res){ ... }

thisComponent.setHTTPMethod('POST');

thisComponent.setCallbackHandler(displayResult);

thisComponent.setErrorHandler(displayFailed);

thisComponent.dtsSurvey(formArray=postData);

</script>

But with the CFCs existing outside of the application, application variables are broken.  #application.errorEmail# doesn't exist for the CFTRY/CFCATCH emails when something breaks.

I'll give a shot at passing the application scope.  Hadn't considered that. 

The mapping of the component folder is in Application.cfc:

<cfset this.mappings['/components'] = ReplaceNoCase(ExpandPath('.'),'{a lot of regex}/components') />

V/r,

^ _ ^

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Community Expert ,
Aug 30, 2017 Aug 30, 2017

Copy link to clipboard

Copied

Something got me wondering.

WolfShade  wrote

I'm trying to set up our projects so that the components folder will not be inside webroot, primarily due to bots attempting to spider our site and generating error emails every time they get to our components folder.

You could just configure your Robots.txt file to prevent bots from crawling parts of your website.

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
LEGEND ,
Aug 30, 2017 Aug 30, 2017

Copy link to clipboard

Copied

Reputable search engines will comply with robots.txt.  Sadly, not all search engines are reputable.  That would stop maybe 10% of all the bots on the internet.  There are many who completely ignore robots.txt.

Also, Robots.txt will not stop users from trying to spider and find the components folder and access them directly.  Only placing the components folder outside of the webroot will prevent direct unauthorized access to the functions.

V/r,

^ _ ^

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Resources
Documentation