Securing Non-Coldfusion Content in Distributed Mode
We are in the process of setting up our sites with CFMX7
Enterprise in distributed mode. IIS on one server and our CF
instances on another. We have this working fine.
In our current setup, IIS is set to allow anonymous access to
allow access to the public side of our sites. For the
password-protected portions we've development our own
authentication system and it is working fine.
However, we have found that in distributed mode, all
non-coldfusion material (images, HTML pages, PDFs, etc...) are
processed and sent from the IIS server directories and never
touches the CF server. CF requests are sent to their respective
instance on its separate machine, the results returned to IIS where
it then grabs the images and any other non-CF content from itself
and serves the page to the user. This appears to be by design and
forces us to maintain our directory structure on two machines.
We're willing to live with that but is there any way to protect the
non-CF content residing on the IIS server? We have some images and
PDFs we'd like to keep available only for authorized users but it
seems using the built-in ColdFusion tools we can only protect CF
material on the CF machine.
Thoughts or insights?
Is there any reason you have CF on a separate server?
The reason I ask it that I am currently implementing
something similar on
our extranet. Basically we our extranet server and our
intranet server.
Because the extranet has to be more "open" we don't want our
"protected"
pdfs, word docs, etc stored on that server, but some of those
items need to
be accessible to our extranet users. What was decided here
was to put all
our "protected" files on the intranet server and use cfcs
(one on the
extranet, one on the intranet), along with a new page (on the
extranet) to
"pull" the requested file. Basically all links on the
extranet that would
normally point to a document now point to a page that calls
the extranet cfc
and passes the UUID for the document. This cfc does an http
request to the
cfc on the intranet which determines which document is being
requested,
grabs that file and passes it back to the extranet for
display. This serves
a couple of purposes. 1) The user never actually knows where
the file is
stored. 2) We can pass a username and password via the http
call for
authentication.
We don't have to have multiple copies of directory structure
as all our
non-restricted content can be stored on the extranet. But we
do have CF
installed on both servers.
Bryan Ashcraft (remove brain to reply)
Web Application Developer
Wright Medical Technologies, Inc.
=============================
Macromedia Certified Dreamweaver Developer
Adobe Community Expert (DW) ::
http://www.adobe.com/communities/experts/
"sdsinc_pmascari" <[email protected]> wrote
in message
news:[email protected]...
> We are in the process of setting up our sites with CFMX7
Enterprise in
> distributed mode. IIS on one server and our CF instances
on another. We
> have
> this working fine.
>
> In our current setup, IIS is set to allow anonymous
access to allow access
> to
> the public side of our sites. For the password-protected
portions we've
> development our own authentication system and it is
working fine.
>
> However, we have found that in distributed mode, all
non-coldfusion
> material
> (images, HTML pages, PDFs, etc...) are processed and
sent from the IIS
> server
> directories and never touches the CF server. CF requests
are sent to
> their
> respective instance on its separate machine, the results
returned to IIS
> where
> it then grabs the images and any other non-CF content
from itself and
> serves
> the page to the user. This appears to be by design and
forces us to
> maintain
> our directory structure on two machines. We're willing
to live with that
> but
> is there any way to protect the non-CF content residing
on the IIS server?
> We
> have some images and PDFs we'd like to keep available
only for authorized
> users
> but it seems using the built-in ColdFusion tools we can
only protect CF
> material on the CF machine.
>
> Thoughts or insights?
>
Similar Messages
-
ColdFusion 8 - 64-bit in distributed mode?
We have been running 32-bit in distributed mode since 2004
using the J2EE WAR deployment on JRun 4. With CF8 Updater 1 we
would like to migrate to the 64-bit version. Is it possible to run
a cluster of two physical servers with ColdFusion clusters on Jrun
server instances where one host OS and member server instance is
32-bit and the other host OS and member server instance is 64-bit?
We are trying to figure out a migration strategy that will permit
us to extend the current infrastructure cluster horizontally, viz.
add the new servers to the current cluster with minimal impact on
performance and code changes.
Any advice with such a migration issue would be welcome.
Thanks,
Scottdevlosh wrote:
> Install CF 80 ent 64 bit in windows server 2003. (server
1)
> MY webserver is is anoter system which is running
windows xp 32 bit. ie my iis
> is 32 bit. (server 2)
>
> All my web files and websites(IIS stuffs ) wil be in
server 2. and Jrun will
> in in server 1.
This will not work. All your .cfm files must be on the server
that has
JRun (server1).
In order to set this up:
1. Install JRun / CF on server1. It is highly recommended to
choose the
buildin webserver so you can verify your installation is
correct.
2. Copy wsconfig.jar to the webserver on server2. Make sure
you have a
JDK installed (same version as CF/JRun uses).
3. Run wsconfig.jar and specify connection parameters to
connect to
server1:
http://livedocs.adobe.com/coldfusion/6.1/htmldocs/websera7.htm
4. Plcae your .cfm files in the CF wwwroot
(...\???.ear\cfusion.war\
folder) on server 1.
5. Test.
This should work, but IIRC Adobe will only support a
configuration where
you also have your CF code on the webserver and the path to
your IIS
wwwroot on server2 is identical to the path to the JRun
wwwroot on server1.
Jochem
Jochem van Dieten
Adobe Community Expert for ColdFusion -
How do I enable SSL to serve swfs and non video content in FMS 4.5
I'm running FMS 4.5 with the built in Apache server on a Windows 2003 server running SP2. Our users are complaining that embedded videos in Chrome aren't displaying properly because the SWFs and some of the non video content are being delivered over http instead of https. I'm having trouble finding any documentation on how to add an SSL cert to the Apache server and enabling it to serve content over 443. I've requested my cert and am following my CA's docs on adding the cert to Apache, but I'm not seeing the VirtualDirectory referenced in the httpd.conf file. I'm relatively new to Apache configuration, so please include as much detail as possible in your answer. Thanks in advance for any assistance.
Look for httpd-hls-secure.conf file in AMS(FMS) Apache Bundle. httpd.conf includes this file. This enables SSL for key delivery for HLS. You may like to do the same for other cases.
Other than this, you have to enable the LoadModule mod_ssl in httpd.conf. -
Non-Apple content stops playing at 1-minute, 23-seconds on iPod(s)
For some reason my iPod(s) only seamlessly play through my imported music or Apple purchased files. For example, I use cd Baby, Amazon, and eMusic, as well as iTunes for downloading music and everything is played through my default player (iTunes); however, when I try to listen to my iPod via headphones or wirelessly, any non-Apple content stops playing at 1:23--everytime. So, if I were in the shower and listening to my iPod via one of my wireless bluetooth speakers and I forget the source of where it came from (Apple vs. non-Apple) then I could be without music. I cannot figure out why my iPod (I have several iPods and one is brand new) always wants to stop at 1-minute, 23-seconds for any content not purchased from Apple.
As you can imagine, this becomes quite a mess when listening to a playlist. As a result, I find myself having to skip to the next song quite a bit now. Anyone else have this issue or have a suggestion?
Wasn't an issue until iTunes 10 and later.
Thanks.Sounds to me like it needs to go back to Apple again. Frustrating I know.
I suppose you could try a format of the iPod in Windows. A full format does a check and remap of bad sectors on the iPod hard drive, and you would need to restore the iPod as normal (using the iPod updater) afterward.
First, put the iPod into forced disk mode.
See: How to put the iPod into disk mode.
On your PC, go "my computer" and right click on the iPod, then choose "format". Ensure the settings are at "default" and that "quick format" is not checked. Now select "format". It will take a while, but when that's finished, restore the iPod using the updater.
To exit forced disk mode, reset the iPod. -
SAP CE Installation in Distributed Mode without SAPMNT Folder Share
Hello
We are installing NW CE 7.1 in Production Environment in Distributed Mode - App Server on one host and DB Server on another host.
The App and DB server OS are Windows Server 2008 R2 and DB is Oracle 11g. We have successfully installed SCS on the app server and now installing DB Server Instance on the DB Host. While installing the same, the SAP Installtion asks for path of SAPMNT.
Our Network Team has informed that due to security reasons, in production data center they will not be able to allow sharing of folder from App Server. They have asked us to check if there is any other way of completing our installation without actually creating folder share on App Server.
We would like to know whether the sharing can be taken out of the server component and the same can be enabled on the different machine and this can be given the UNC path for accessing the same.
Kindly confirm if this is possible and supported by SAP. Also let us know if there are some other supported options regarding the same.
Regards,
ShubhamHi Sunny,
Thanks a lot for your response. So does it mean I can copy the usr/sap folder to the DB Server and give the path from the same DB server to complete the install? Does this path need to be provided in UNC format or can be using local drive path
Also can I do the same for Additional App Server that we can install. Kindly confirm.
Regards,
Shubham -
16:9 HD Content in Letterbox mode on 4:3 TV with VMS Client?
With the old Motorola box, when I watched 16:9 HD content on my old 4:3 non-HD TV (don't ask), I was able to watch in Letterbox mode (black bars on top and bottom). Now with the VMS Client box, HD content is reformatted for 4:3. Is there a way to watch HD content in Letterbox mode with an IPC box?
Thanks,
RichIt was the DVD player settings.
Thanks. -
BranchCache In Distributed Mode
Is they a way to know from what peers a system got it's content from?
Hi,
Thanks for your post.
If client computers are configured to use Distributed Cache mode, the cached content is distributed among client computers on the branch office network.
Detail information:
http://technet.microsoft.com/en-us/library/dd637832(v=ws.10).aspx
BranchCache Frequently Asked Questions
http://social.technet.microsoft.com/wiki/contents/articles/14309.branchcache-frequently-asked-questions.aspx
Regards.
Vivian Wang -
Change Ports for BranchCache Distributed Mode
Hi!
I know you can change the ports being used for BranchCache Hosted mode. Is it possible to change the ports for BranchCache distributed mode as well? Since some of my clients who need to use BranchCache are providing a webserver on port 80.
Thanks for your support!Oi, of course you can change the port of BranchCache Senior!
Set ConnectPort and ListenPort in reg as part of these instructions:
https://technet.microsoft.com/en-us/library/dd837646(v=ws.10).aspx
Then BranchCache service fails to start, but if you look in the event log you see:
The BranchCache service cannot start because the HTTP namespace used for serving content to requesting clients is not reserved.
Run the enable cmdlet appropriate to your service mode from an elevated PowerShell command prompt.
So to reserve this space, run the following command:
netsh branchcache>set service mode=distributed
Which then outputs the following, underlined, bolded and Italic so that Phil can see it:
Configuring URL Reservation url=http://+:1365/116B50EB-ECE2-41ac-8429-9F9E963361B7/, sddl=D:A;;GX;;;NS) ... Succeeded
Enabling firewall rule group BranchCache - Content Retrieval (Uses HTTP)... Succ
eeded
Setting Service Start Type to Manual... Succeeded
Setting Service Mode... Succeeded
Starting Service... Succeeded -
AppleTV not showing non-synced content since upgrade to iTunes 8.1.0.52
Prior to upgrading to 8.1, my non-synced content showed on my AppleTV (when iTunes was open on my computer). Following the upgrade, the only content showing on the AppleTV is content that is synced to it.
iTunes can see the AppleTV and I can sync content to it. Under "Settings" for the AppleTV I have "Custom Sync" selected and the "Show only synced content on my AppleTV" box is not checked.
Any ideas how I can get non-synced content to show again in the AppleTV?That's exactly what I did, it took ~20sec to complete the "apply to enclosed items" command (there was heavy disk access), but it does not improve. The permissions stay the same for the files/folders in question. It's very odd, have a look at the screenshot:
Some folders have correct permissions, others (to which I have no access through iTunes) show "admin" twice as the only user who is allowed to write. Repair permission does not help. I have hundreds of files/folders where permissions are wrong, only since the upgrade recently.
http://img4.imageshack.us/img4/33/permission.png
Message was edited by: JJulian (added screenshot) -
CF8 64-bit in Distributed Mode; also, Windows or Linux?
We're currently running CF7 in distributed mode; two
mirrored, load-balanced Win2K3x32 web servers hosting our sites,
each with the CF7 connector installed, pointing to two mirrored,
load-balanced Win2K3x32 application servers running clustered CF7
Enterprise.
This setup works fine, but we're now looking at
replacing/rebuilding our web servers, and thinking about upgrading
to CF8, and possibly to Win2K8 or RHEL5.1, as well. Our hardware
all features x64 support, but so far, everything we've done has
been 32-bit. Since CF8 finally includes x64 support, this makes it
something to consider.
So i have two questions, in case anyone has tried either of
these before:
[1] If we install Win2K8x64 and the CF8x64 connector, could
it point to a CF7x32 application server and still work properly?
This would allow us to make the migration in steps; web servers,
then app servers. We were able to make this intermediate step
during our last upgrade; pointing the CF7x32 connectors at our old
CFMX app server, until we had the new one available. But both of
those platforms were 32-bit architectures.
[2] Are there any practical gains to be had from moving to a
Linux x64 web server with the CF8x64 connector, pointing to a Linux
CF8x64 app server? We've not had the knowledge base necessary to
support Linux servers in the past, but over the past 2 years we've
had quite a bit of success moving straight HTML sites onto RHEL
with Apache2; and are starting to wonder if it's worth the time and
trouble it would take for us to make this next leap away from
Windows... :)
Thanks for helping me think this through!We're currently running CF7 in distributed mode; two
mirrored, load-balanced Win2K3x32 web servers hosting our sites,
each with the CF7 connector installed, pointing to two mirrored,
load-balanced Win2K3x32 application servers running clustered CF7
Enterprise.
This setup works fine, but we're now looking at
replacing/rebuilding our web servers, and thinking about upgrading
to CF8, and possibly to Win2K8 or RHEL5.1, as well. Our hardware
all features x64 support, but so far, everything we've done has
been 32-bit. Since CF8 finally includes x64 support, this makes it
something to consider.
So i have two questions, in case anyone has tried either of
these before:
[1] If we install Win2K8x64 and the CF8x64 connector, could
it point to a CF7x32 application server and still work properly?
This would allow us to make the migration in steps; web servers,
then app servers. We were able to make this intermediate step
during our last upgrade; pointing the CF7x32 connectors at our old
CFMX app server, until we had the new one available. But both of
those platforms were 32-bit architectures.
[2] Are there any practical gains to be had from moving to a
Linux x64 web server with the CF8x64 connector, pointing to a Linux
CF8x64 app server? We've not had the knowledge base necessary to
support Linux servers in the past, but over the past 2 years we've
had quite a bit of success moving straight HTML sites onto RHEL
with Apache2; and are starting to wonder if it's worth the time and
trouble it would take for us to make this next leap away from
Windows... :)
Thanks for helping me think this through! -
How to create a secure & non editable PDF? So that it cannot be modified by any of the secondary tools available online for security breaks and editing of PDF document
I put all the security options but still there are tools to break the security (even password) leading to editing of document
Need to avoid any such situationIf the document is important, and there is something to be gained by modifying it - then someone will just make a new copy of it (e.g. print and scan, screen capture), and make a new document, then change it.
If protecting the integrity of the document - proving it is unchanged - is the thing, look at digital signatures. Forget security, the signed file can be freely edited, but the signature will always show it is changed. -
Linux Spool in UTF-8 format for non English content
When I spool from Oracle 10g for a non English content (Japanese) it is coming as unreadable chars.
I am using this file to read and store that to MySQL.
From there using a JSP program I am displaying on a web application.
Any help is greatly appreciated.
Thanks,
VijayanConfigure the operating system for the character set. Look up "globalization" at google.
-
Non-Apple content stops playing at 1-minute, 23-seconds!!!!
For some reason my iPod(s) only seamlessly play through my imported music or Apple purchased files.
For example, I use cd Baby, Amazon, and eMusic, as well as iTunes for downloading music and everything is played through my default player (iTunes); however, when I try to listen to my iPod via headphones or wirelessly, any non-Apple content stops playing at 1:23--everytime.
So, if I were in the shower and listening to my iPod via one of my wireless bluetooth speakers and I forget the source of where it came from (Apple vs. non-Apple) then I could be without music. I cannot figure out why my iPod (I have several iPods and one is brand new) always wants to stop at 1-minute, 23-seconds for any content not purchased from Apple. As you can imagine, this becomes quite a mess when listening to a playlist. As a result, I find myself having to skip to the next song quite a bit now.
Anyone else have this issue or have a suggestion?
Wasn't an issue until iTunes 10 and later.
Thanks.I am having the sames issues. I was on the phone with Apple over the weekend. I was told they would report it to their engineers. It would seem this problem occurred first in May and June and was resolved from what I have read this morning in past discussions, yet seems to be reoccurring again as of this weekend.
-
How important is it to have non-flash content for iPAD?
Hi there.
I'm busy building a site with an image rotater in the header with a couple of images from the products. This rotater works with flash which does not work with iPAD. How important do you rate it to definitely have non-flash content as to have the odd cosmetic slide show here and there?
Regards,
Deonhgholtz wrote:
Wonder why iOS does not like flash?
Hi
On Android devices the reason given for dropping support, (or no support in the case of iOS) was because it was literally possible to watch the battery power indicator drop whilst watching anything that required flash.
On a Samsung Galaxy it only required 7 minutes of Flash video to drain the battery, and on an Android budget tablet I also use for testing, (sub £150) 3 minutes.
PZ -
Hi
When I send non-ASCII content in the body of a mail, the content does not appear correctly in the mail body.
<BR>
THe ccode is as below
msg.setHeader("Content-Transfer-Encoding", "quoted-printable" );
<BR>
String a = MimeUtility.encodeText("�later","UTF-8","B");
<BR>
msg.setContent(a, "text/html");
<BR><BR>
Mail is received as =?UTF-8?B?4oCZbGF0ZXI=?=
Can anybody help
Regards
Syed NiazHi!
Your code looks a bit messy.
If you are sending non-ascii data, you should use a DataHandler and a DataSource to add your data to the mail's body instead of using MimeUtility.encode()
Hope this helps.
Maybe you are looking for
-
Update the Video card graphics in OS X ML?
I have a 2011 late MB pro 17 inch, with the Radeon 6770M graphic card in it. I was wondering if it were possible to update the drivers, other than to use software update, cause that is just the standard apple drivers. I have two reasons for this. Fir
-
Lion Installed: Internal speakers muted and cannot be adjusted thru the audio pane.
I installed Lion yesterday and spent considerable time looking for an online solution to no avail. The online info suggests to re-install the OS from the disk supplied with the laptop, but would be re-installing Snow Leopard... mmm The quick fix is t
-
Anyone know if there is a way to make slides with resolutions higher than 1024x768? In fact it would be great if they had a custom resolution option. I guess I should have clarified I have Keynote 2. It looks as though Keynote 3 has more slide resolu
-
iTunes 11: How do I get the iPod button back once I go back to my music? Do I need to unplug and replug my iPod back in?
-
I have an XML variable that is populating controls. The XML is populating the controls as it should, however when I make a change to the data in the control, shouldn't the XML be updating automatically? Or, is there some extra setting up required s