What is the consensus on storing assets such as .js and .css files in the DAM? I have, for example, some mini-applications (calculators, recommenders, etc) which are used on content pages and would like for those files to be easily accessible for any updates that are needed.
Solved! Go to Solution.
Views
Replies
Total Likes
kumaranf wrote...
Why DAM? What are the issues in using clientlibs in /etc/designs? They too are accessible to authors.
Not sure how your environment is set up & acl applied. In general Authors will not have edit privileges to edit designs & they have just read access. With dam they have edit privileges with that they have option to code any thing.
Views
Replies
Total Likes
See the AEM doc topic: DAM Performance Guide.
Views
Replies
Total Likes
Storing should be fine, But you are rendering that js in any content page then author instance might prone to xss attack for cases such as unhappy employee etc..
Views
Replies
Total Likes
Why DAM? What are the issues in using clientlibs in /etc/designs? They too are accessible to authors.
Views
Replies
Total Likes
kumaranf wrote...
Why DAM? What are the issues in using clientlibs in /etc/designs? They too are accessible to authors.
Not sure how your environment is set up & acl applied. In general Authors will not have edit privileges to edit designs & they have just read access. With dam they have edit privileges with that they have option to code any thing.
Views
Replies
Total Likes
You are correct Sham. I as a developer have access to edit such files and authors do not, but our deployment process is such that getting a package with etc/designs changes deployed to our production environment is tied to a release schedule, but I do not want to be dependent on that. I'm more concerned about performance/reliability around storing files there. I don't see an issue personally, but some other developers on our team raised a concern about storing these type of files there.
Views
Replies
Total Likes
Matthew Robinson wrote...
You are correct Sham. I as a developer have access to edit such files and authors do not, but our deployment process is such that getting a package with etc/designs changes deployed to our production environment is tied to a release schedule, but I do not want to be dependent on that. I'm more concerned about performance/reliability around storing files there. I don't see an issue personally, but some other developers on our team raised a concern about storing these type of files there.
Performance & storing wise no issue. I just want you to be aware of security issue.
Views
Replies
Total Likes
Views
Likes
Replies