Secure your XML
MachII
First off, I need to reiterate how great it is to work with Mach-II. It is my best friend.
Second...the issue at hand.
I'm using a few XML 'documents' to feed SPRY ds's in secured areas of my app, all of which containing sensitive data.
I don't want to a) actually write any of the content to a file, or b) allow unauthorized users to ever get to or see that data.
As it turns out its fairly simple to do.
Instead of defining the location of an XML file for my Spry ds like
new Spry.Data.XMLDataSet("UserAccounts.xml", "useraccounts/useraccount")
I merely supply that DataSet call with the link to a Mach-II event like so... (I named the event with a '.xml' extension just because I thought it was cool, it is not required)
new Spry.Data.XMLDataSet("/index.cfm/event/UserAccounts.xml", "useraccounts/useraccount")
warning...pseudo-code ahead:
Then, my event-handler only needs to a)check authentication, b) generate the content, c) pass it to a dumb view.
<event-handler event="UserAccounts.xml" access="public">
<filter name="CheckAdminLogin" />
<notify listener="CustomerAdminListener" method="generateUserAccountsXML" resultArg="XML"/>
<view-page name="showXml" />
</event-handler>
(I won't get in to actually creating valid XML since that isn't really relevant to this post.)
Once that listener has created the eventArg and passed it to the view, all the view does is something like this:
<cfcontent type="text/xml" reset="yes">
<cfoutput>#event.getArg("XML")#</cfoutput>
The end...
Second...the issue at hand.
I'm using a few XML 'documents' to feed SPRY ds's in secured areas of my app, all of which containing sensitive data.
I don't want to a) actually write any of the content to a file, or b) allow unauthorized users to ever get to or see that data.
As it turns out its fairly simple to do.
Instead of defining the location of an XML file for my Spry ds like
new Spry.Data.XMLDataSet("UserAccounts.xml", "useraccounts/useraccount")
I merely supply that DataSet call with the link to a Mach-II event like so... (I named the event with a '.xml' extension just because I thought it was cool, it is not required)
new Spry.Data.XMLDataSet("/index.cfm/event/UserAccounts.xml", "useraccounts/useraccount")
warning...pseudo-code ahead:
Then, my event-handler only needs to a)check authentication, b) generate the content, c) pass it to a dumb view.
<event-handler event="UserAccounts.xml" access="public">
<filter name="CheckAdminLogin" />
<notify listener="CustomerAdminListener" method="generateUserAccountsXML" resultArg="XML"/>
<view-page name="showXml" />
</event-handler>
(I won't get in to actually creating valid XML since that isn't really relevant to this post.)
Once that listener has created the eventArg and passed it to the view, all the view does is something like this:
<cfcontent type="text/xml" reset="yes">
<cfoutput>#event.getArg("XML")#</cfoutput>
The end...
Loading....