CQ DAM best practices | Community
Skip to main content
M
mrobinson-1
Level 3
October 16, 2015
Solved

CQ DAM best practices

  • October 16, 2015
  • 6 replies
  • 1652 views

What is the consensus on storing assets such as .js and .css files in the DAM? I have, for example, some mini-applications (calculators, recommenders, etc) which are used on content pages and would like for those files to be easily accessible for any updates that are needed.

This post is no longer active and is closed to new replies. Need help? Start a new post to ask your question.
Best answer by Sham_HC

kumaranf wrote...

Why DAM? What are the issues in using clientlibs in /etc/designs? They too are accessible to authors.

 

Not sure how your environment is set up & acl applied. In general Authors will not have edit privileges to edit designs & they have just read access.   With dam they have edit privileges with that they have option to code any thing. 

6 replies

smacdonald2008
smacdonald2008
Level 10
October 16, 2015

See the AEM doc topic: DAM Performance Guide.

Sham_HC
Sham_HC
Level 10
October 16, 2015

Storing should be fine, But you are rendering that js in any content page then author instance might prone to xss attack for cases such as unhappy employee etc.. 

K
kumaranf
Level 2
October 16, 2015

Why DAM? What are the issues in using clientlibs in /etc/designs? They too are accessible to authors.

Sham_HC
Sham_HCAccepted solution
Level 10
October 16, 2015

kumaranf wrote...

Why DAM? What are the issues in using clientlibs in /etc/designs? They too are accessible to authors.

 

Not sure how your environment is set up & acl applied. In general Authors will not have edit privileges to edit designs & they have just read access.   With dam they have edit privileges with that they have option to code any thing. 

M
mrobinson-1Author
Level 3
October 16, 2015

You are correct Sham. I as a developer have access to edit such files and authors do not, but our deployment process is such that getting a package with etc/designs changes deployed to our production environment is tied to a release schedule, but I do not want to be dependent on that. I'm more concerned about performance/reliability around storing files there. I don't see an issue personally, but some other developers on our team raised a concern about storing these type of files there. 

Sham_HC
Sham_HC
Level 10
October 16, 2015

Matthew Robinson wrote...

You are correct Sham. I as a developer have access to edit such files and authors do not, but our deployment process is such that getting a package with etc/designs changes deployed to our production environment is tied to a release schedule, but I do not want to be dependent on that. I'm more concerned about performance/reliability around storing files there. I don't see an issue personally, but some other developers on our team raised a concern about storing these type of files there. 

 

Performance & storing wise no issue. I just want you to be aware of security issue. 

Terms & ConditionsAccessibility statement

Loading footer...