tags:

views:

222

answers:

3
+1  Q: 

Can I ignore application.cfc in subdirectories and only use the one in root

It is pretty publicized that an ColdFusion will look up the directory tree from child to parent directories for an application.cfc file.

This allows all cfm files to be "Locked" unless the application.cfc file that is first found allows the processing of the files.

Is there a way to tell ColdFusion to NOT stop at a sub directory and ALWAYS go to the root?

The reason being is that this situation creates a "Back Door" security problem by simply creating a directory somewhere in the file structure and adding an application.cfc file.

The server would never get to the proper application.cfc and thus the security would never be set properly.

+5  A: 

no, there is no way to tell ColdFusion to ALWAYS use application.cfc at the root.

Please secure your web server carefully, upload to outside of webroot, and you should be fine.

Henry  2009-09-28 20:41:21
Thanks. That was what I figured. This is one of those "What if we have a developer go bad and tries to make a back door before they are fired" realizations. I don't think it would ever happen in any other way.
Tom Hubbard  2009-09-28 22:03:24
Only senior developers should be allowed to deploy code to a live server - and *all* changes should be code reviewed by the senior developers before deployment. If you don't trust your senior developers... well, you might as well fire them now.
Peter Boughton  2009-09-28 22:07:42
+2  A: 
Peter Boughton  2009-09-28 22:03:05
Thanks! Railo seems more and more impressive every day.
Tom Hubbard  2009-09-28 22:05:14
+1  A: 

You will be able to do this in ColdFusion 9 though. ColdFusion 9 will allow you to specify the where to search for Application.cfc files, just like Railo.

Daniel Short  2009-09-29 12:09:43

related questions

Restarting ColdFusion mail queue
ColdFusion mail queue stops processing
in ColdFusion 8, can you declare a function as private using cfscript?
ColdFusion Template Request count optimization
How do I speed up data retrieval from .NET AD within ColdFusion
How to call a function dynamically that is part of an instantiated cfc, without using Evaluate()?
Using Google Maps in Coldfusion
We're manually mapping our internal data elements to external vendors' xml schema. there's gotta be a better way...
How do I turn a ColdFusion page into a PDF download?
Importing Access data into SQL Server using ColdFusion
jquery: JFrame plugin fails in IE 7
How do I programatically sanitise coldfusion cfquery parameters.
ColdFusion: Is it safe to leave out the variables keyword in a CFC?
How should you go about learning ASP.NET after life as a ColdFusion developer?
BOM not expected in CF but sent by IIS/SP
cfqueryparam with like operator in coldfusion
Is it possible to find code coverage in ColdFusion?
How can you test to see if two arrays are the same using CFML?
Why is my PDF footer text invisible?
Coldfusion - When to use the "request" scope?
How do I convert images between CMYK and RGB in ColdFusion (java)?
How do I use NTLM authentication with Active Directory
Dynamic Alphabetical Navigation
Wrapping lists into columns
How to get started "writing" a code coverage tool?