Adobe Experience Manager Sites & More

robinsonm · 15/10/15

What is the consensus on storing assets such as .js and .css files in the DAM? I have, for example, some mini-applications (calculators, recommenders, etc) which are used on content pages and would like for those files to be easily accessible for any updates that are needed.

Sham_HC · 15/10/15

kumaranf wrote...

Why DAM? What are the issues in using clientlibs in /etc/designs? They too are accessible to authors.

Not sure how your environment is set up & acl applied. In general Authors will not have edit privileges to edit designs & they have just read access. With dam they have edit privileges with that they have option to code any thing.

Ver la solución en mensaje original publicado

smacdonald2008 · 15/10/15

See the AEM doc topic: DAM Performance Guide.

Sham_HC · 15/10/15

Storing should be fine, But you are rendering that js in any content page then author instance might prone to xss attack for cases such as unhappy employee etc..

kumaranf · 15/10/15

Why DAM? What are the issues in using clientlibs in /etc/designs? They too are accessible to authors.

Sham_HC · 15/10/15

kumaranf wrote...

Why DAM? What are the issues in using clientlibs in /etc/designs? They too are accessible to authors.

Not sure how your environment is set up & acl applied. In general Authors will not have edit privileges to edit designs & they have just read access. With dam they have edit privileges with that they have option to code any thing.

robinsonm · 15/10/15

You are correct Sham. I as a developer have access to edit such files and authors do not, but our deployment process is such that getting a package with etc/designs changes deployed to our production environment is tied to a release schedule, but I do not want to be dependent on that. I'm more concerned about performance/reliability around storing files there. I don't see an issue personally, but some other developers on our team raised a concern about storing these type of files there.

Sham_HC · 15/10/15

Matthew Robinson wrote...

You are correct Sham. I as a developer have access to edit such files and authors do not, but our deployment process is such that getting a package with etc/designs changes deployed to our production environment is tied to a release schedule, but I do not want to be dependent on that. I'm more concerned about performance/reliability around storing files there. I don't see an issue personally, but some other developers on our team raised a concern about storing these type of files there.

Performance & storing wise no issue. I just want you to be aware of security issue.