Ok,
A fellow developer and I are trying to figure out something related to
trusted connections in CF Admin.
We both use SQL7, and are hosted on virtual servers. Apparently, they (our
hosts) set
up trusted connections by default and there are several (many dozens) of
databases on the SQL server,
which you can see when opening enterprise manager. Even worse, the
datasource name they set up defaults to the name of
the database. Here are the questions:
1) What would be the best way to secure access to the database when using
cfquery?
2) I thought of using session variables for username/password, but wouldn't
that be really slow and/or an extra security risk?
3) What about client variables?
4) And what if your client variable storage is set up to use the exact same
database?
5) Is this even a concern?
PS: we tested to see if a cfquery could be run on another database, and the
datasource not found error was returned. I assume that the db knows the ip
address of the cfserver allowed to run code, is this correct?
Andrew Middleton
Software Engineer
[EMAIL PROTECTED]
IITRI
http://www.iitri.org
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Structure your ColdFusion code with Fusebox. Get the official book at
http://www.fusionauthority.com/bkinfo.cfm
------------------------------------------------------------------------------
To unsubscribe, send a message to [EMAIL PROTECTED] with
'unsubscribe' in the body or visit the list page at www.houseoffusion.com
