Expand my Community achievements bar.

SOLVED

CQ DAM best practices

Avatar

Level 3
Level 3
10/15/15 7:28:07 PM

What is the consensus on storing assets such as .js and .css files in the DAM? I have, for example, some mini-applications (calculators, recommenders, etc) which are used on content pages and would like for those files to be easily accessible for any updates that are needed.

Views

927

Replies

6
Sign in to like this content

Total Likes

Translate
Translate
1 Accepted Solution

Avatar

Correct answer by
Level 10
Level 10
10/15/15 7:28:07 PM

kumaranf wrote...

Why DAM? What are the issues in using clientlibs in /etc/designs? They too are accessible to authors.

 

Not sure how your environment is set up & acl applied. In general Authors will not have edit privileges to edit designs & they have just read access.   With dam they have edit privileges with that they have option to code any thing. 

View solution in original post

Views

665

Replies

0
Sign in to like this content

Total Likes

Translate
Translate
Jump to reply
6 Replies

Avatar

Level 10
Level 10
10/15/15 7:28:07 PM

Storing should be fine, But you are rendering that js in any content page then author instance might prone to xss attack for cases such as unhappy employee etc.. 

Views

665

Replies

0
Sign in to like this content

Total Likes

Translate
Translate

Avatar

Level 2
Level 2
10/15/15 7:28:07 PM

Why DAM? What are the issues in using clientlibs in /etc/designs? They too are accessible to authors.

Views

783

Replies

0
Sign in to like this content

Total Likes

Translate
Translate

Avatar

Correct answer by
Level 10
Level 10
10/15/15 7:28:07 PM

kumaranf wrote...

Why DAM? What are the issues in using clientlibs in /etc/designs? They too are accessible to authors.

 

Not sure how your environment is set up & acl applied. In general Authors will not have edit privileges to edit designs & they have just read access.   With dam they have edit privileges with that they have option to code any thing. 

Views

666

Replies

0
Sign in to like this content

Total Likes

Translate
Translate
Jump to reply

Avatar

Level 3
Level 3
10/15/15 7:28:07 PM

You are correct Sham. I as a developer have access to edit such files and authors do not, but our deployment process is such that getting a package with etc/designs changes deployed to our production environment is tied to a release schedule, but I do not want to be dependent on that. I'm more concerned about performance/reliability around storing files there. I don't see an issue personally, but some other developers on our team raised a concern about storing these type of files there. 

Views

664

Replies

0
Sign in to like this content

Total Likes

Translate
Translate

Avatar

Level 10
Level 10
10/15/15 7:28:07 PM

Matthew Robinson wrote...

You are correct Sham. I as a developer have access to edit such files and authors do not, but our deployment process is such that getting a package with etc/designs changes deployed to our production environment is tied to a release schedule, but I do not want to be dependent on that. I'm more concerned about performance/reliability around storing files there. I don't see an issue personally, but some other developers on our team raised a concern about storing these type of files there. 

 

Performance & storing wise no issue. I just want you to be aware of security issue. 

Views

766

Replies

0
Sign in to like this content

Total Likes

Translate
Translate