如何禁用“组件浏览器”在ColdFusion? [英] How to disable "Component Browser" in ColdFusion?
问题描述
我已经注释掉了 \\ JRun4 \servers \ [name] \cfusion.ear\cfusion.war\WEB-INF\web.xml
但是,RDS选项卡仍然在CF管理员中,浏览到CFC仍然将我重定向到 /CFIDE/componentutils/cfcexplorer.cfc
However, the RDS tab is still there in the CF Administrator, and browsing to a CFC still redirect me to /CFIDE/componentutils/cfcexplorer.cfc
如何在ColdFusion中禁用组件浏览器?
How to disable "Component Browser" in ColdFusion?
感谢
推荐答案
组件浏览器不能禁用 - 它是ColdFusion的硬连线功能,当您向.CFC驻留的完整位置发出Web请求时, - 与RDS无关,无论是否启用。
The "Component Browser" cannot be disabled--it is a hard-wired function of ColdFusion, which automatically fires when you make a web request to the full location where a .CFC resides--and is unrelated to RDS, whether it is enabled or not.
您必须决定一种方法,以防止直接访问您的CFCs,并以此方式实现,而不是。这些选项是:
You will have to decide upon a methodology that you want to approach to prevent direct access to your CFCs, and implement it that way, instead. Such options are:
-
禁用CFC的自动文档,如上面的Henry (资料来源: Ray Camden )。
从任何面向公众的网站删除/ CFIDE虚拟映射,以便直接的.CFC网络请求导致HTTP 500 (因为cfcexplorer将无法访问)。
Remove the /CFIDE virtual mapping from any of your public facing websites, so that a direct .CFC web request results in a HTTP 500 (as cfcexplorer will no longer be accessible).
面向网站使用不同的虚拟/ CFIDE目录:
A slicker option altogether is to make your public-facing websites use a different virtual /CFIDE directory:
- 删除面向公众的网站2上方)
- 在公开的网站上建立名为CFIDE的新资料夹。
-
componentutils。
,4.在componentutils中,创建一个单独的文件cfcexplorer.cfc,然后使用它来进行单个调用,并向浏览器返回一个401(禁止)代码:
- Remove the existing /CFIDE mapping for your public-facing site (#2 above)
- Create a new folder in your public facing site called "CFIDE".
Within that directory, create a folder called "componentutils". , 4. Within "componentutils", create a single file, "cfcexplorer.cfc", which you will then use to make a single call, and return a 401 (Forbidden) code to the browser:
< cfheader statuscode =401statustext =禁止/>
<cfheader statuscode="401" statustext="Forbidden" />
$ b b
此选项很好,因为您不仅通过组件浏览器的隐式功能隐藏您的CFC,而且还从公开隐藏您的CF管理员(许多CF网站经常忘记)。
This option is good, because you not only hide your CFCs from direct access via the implicit functionality of the Component Browser, you also hide your CF Administrator from the public (which many CF sites often forget about).
这篇关于如何禁用“组件浏览器”在ColdFusion?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
