0

Secure your XML

Posted : Oct 26, 2006 12:57 PM
MachII
First off, I need to reiterate how great it is to work with Mach-II.  It is my best friend.

Second...the issue at hand. 

I'm using a few XML 'documents' to feed SPRY ds's in secured areas of my app, all of which containing sensitive data. 
I don't want to a) actually write any of the content to a file, or b) allow unauthorized users to ever get to or see that data.

As it turns out its fairly simple to do.

Instead of defining the location of an XML file for my Spry ds like
    new Spry.Data.XMLDataSet("UserAccounts.xml", "useraccounts/useraccount")

I merely supply that DataSet call with the link to a Mach-II event like so... (I named the event with a '.xml' extension just because I thought it was cool, it is not required)
    new Spry.Data.XMLDataSet("/index.cfm/event/UserAccounts.xml", "useraccounts/useraccount")


warning...pseudo-code ahead:

Then, my event-handler only needs to a)check authentication, b) generate the content, c) pass it to a dumb view.

    <event-handler event="UserAccounts.xml" access="public">
        <filter name="CheckAdminLogin" />
        <notify listener="CustomerAdminListener" method="generateUserAccountsXML" resultArg="XML"/>
        <view-page name="showXml" />   
    </event-handler>

(I won't get in to actually creating valid XML since that isn't really relevant to this post.)

Once that listener has created the eventArg and passed it to the view, all the view does is something like this:

    <cfcontent type="text/xml" reset="yes">
    <cfoutput>#event.getArg("XML")#</cfoutput>

The end...

tags:
MachII
 
Sami Hoda said:
 
Nice example. Make sense.
 
posted 1232 days ago
Add Comment Reply to: this comment OR this thread
 

Search

Fuelly
Recent Blog Entries
If These Carrots Could Talk: A Carrot Retrospective
A Better way to serve files from the Google App Engine Virtual File System
Url Rewriting on Google App Engine
The Elusive Thomas At Action Canyon
Google App Engine's Virtual File System with OpenBD
Coldfusion on the Google App Engine with Open BlueDragon
Tweaking the Content Editor: Adding Images
Fedor VS Brett Rogers
Pushing Weight: Back to Basics
Progressive Overload
Archives
All Categories 
Advertising (1) 
BlueDragon (5) 
cfeclipse (1) 
cfopen (1) 
ColdFusion (104) 
Cool Videos (4) 
CSS (2) 
Family (2) 
Fitness (3) 
Flex (3) 
Funny eBay Auctions (1) 
General (8) 
Gimp (1) 
Google (5) 
Google App Engine (3) 
Health (1) 
Humor (6) 
InstantSpot (3) 
InstantSpot 2.0 (3) 
InstantSpot News (23) 
Internet (3) 
Internet (15) 
Javascript (5) 
Linux (13) 
Linux (21) 
MachII (4) 
Marketing (2) 
Miscellaneous (12) 
Movies (11) 
Music (1) 
Musings (4) 
MythTV (3) 
Photoshops (1) 
Politics (2) 
Pushing Weight (1) 
Rants (2) 
SEO (3) 
Smith Project (4) 
Stat Tracking (7) 
Strange (4) 
Stupid Criminals (1) 
Technology (4) 
Television (3) 
Ubuntu (6) 
Virtualization (3) 
Wallpapers (1) 
Web Development (22) 
tags
Hardy Heron laptops Linux open source technology Advertising Ajax awesome Back to Basics blackberry blog news Blogging BlueDragon Books cfeclipse cfopen cloud cloud computing ColdFusion compression

View all tags