
SOLVED

CQ DAM best practices

Level 3

What is the consensus on storing assets such as .js and .css files in the DAM? I have, for example, some mini-applications (calculators, recommenders, etc) which are used on content pages and would like for those files to be easily accessible for any updates that are needed.

1 Accepted Solution

Correct answer by
Level 10

kumaranf wrote...

Why DAM? What are the issues in using clientlibs in /etc/designs? They too are accessible to authors.

 

Not sure how your environment is set up and how ACLs are applied. In general, authors will not have edit privileges on designs; they have just read access. With the DAM they have edit privileges, and with that they have the option to code anything.


6 Replies


Level 10

Storing should be fine, but if you are rendering that JS in any content page, then the author instance might be prone to XSS attacks in cases such as an unhappy employee, etc.


Level 2

Why DAM? What are the issues in using clientlibs in /etc/designs? They too are accessible to authors.


Level 3

You are correct, Sham. I, as a developer, have access to edit such files and authors do not, but our deployment process is such that getting a package with etc/designs changes deployed to our production environment is tied to a release schedule, but I do not want to be dependent on that. I'm more concerned about performance/reliability around storing files there. I don't see an issue personally, but some other developers on our team raised a concern about storing these types of files there.


Level 10

Matthew Robinson wrote...

You are correct, Sham. I, as a developer, have access to edit such files and authors do not, but our deployment process is such that getting a package with etc/designs changes deployed to our production environment is tied to a release schedule, but I do not want to be dependent on that. I'm more concerned about performance/reliability around storing files there. I don't see an issue personally, but some other developers on our team raised a concern about storing these types of files there.

 

Performance- and storage-wise, no issue. I just want you to be aware of the security issue.
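
Added example, not part of the original thread or of any Adobe tooling: a small audit that reads a rendered page and lists scripts and stylesheets loaded from paths that authors can edit, which is the exposure the replies above describe. It assumes the DAM is served under /content/dam; the sample page and its file names are constructed.

```python
from html.parser import HTMLParser

# Assumption: /content/dam is the author-writable DAM root; /etc/designs holds
# developer-deployed clientlibs, as described in the thread.
AUTHOR_WRITABLE_PREFIXES = ("/content/dam/",)


class ExecutableAssetFinder(HTMLParser):
    """Collect script and stylesheet references found in a rendered page."""

    def __init__(self):
        super().__init__()
        self.refs = []  # (kind, url) pairs in document order

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag == "script" and a.get("src"):
            self.refs.append(("script", a["src"]))
        elif tag == "link" and "stylesheet" in a.get("rel", "").lower().split():
            if a.get("href"):
                self.refs.append(("stylesheet", a["href"]))


def author_writable_refs(html):
    """Return script/stylesheet refs served from author-writable paths."""
    finder = ExecutableAssetFinder()
    finder.feed(html)
    flagged = []
    for kind, url in finder.refs:
        path = url.split("?", 1)[0].split("#", 1)[0]
        if "://" in path:  # absolute URL: drop scheme and host, keep the path
            path = "/" + path.split("://", 1)[1].partition("/")[2]
        if path.startswith(AUTHOR_WRITABLE_PREFIXES):
            flagged.append((kind, url))
    return flagged


# Constructed sample page, not taken from a real site.
SAMPLE_PAGE = """
<html><head>
<link rel="stylesheet" href="/etc/designs/site/clientlibs.css">
<link rel="stylesheet" href="/content/dam/apps/calculator/calc.css">
<script src="/etc/designs/site/clientlibs.js"></script>
<script src="/content/dam/apps/calculator/calc.js?v=3"></script>
</head><body><img src="/content/dam/images/hero.jpg"></body></html>
"""

if __name__ == "__main__":
    for kind, url in author_writable_refs(SAMPLE_PAGE):
        print(f"{kind} loaded from author-writable path: {url}")
```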