Hi Andrew,

I had a similar problem with my hosting company and they, after I explained
the security risk, agreed to set up the data source with the username and
password so that I did not need to pass it with every query. They had the CF
error screen so that it displayed the full code on failure, which would have
disclosed the username and password to the user.

Doug
-----Original Message-----
From: Middleton Andrew [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, 25 September 2001 2:59 AM
To: CF-Server
Subject: SQL 7 and CF trusted connections
Ok,

A fellow developer and I are trying to figure out something related to
trusted connections in CF Admin.

We both use SQL7, and are hosted on virtual servers. Apparently, they (our
hosts) set up trusted connections by default and there are several (many
dozens) of databases on the SQL server, which you can see when opening
Enterprise Manager. Even worse, the datasource name they set up defaults to
the name of the database. Here are the questions:

1) What would be the best way to secure access to the database when using
   cfquery?
2) I thought of using session variables for username/password, but wouldn't
   that be really slow and/or an extra security risk?
3) What about client variables?
4) And what if your client variable storage is set up to use the exact same
   database?
5) Is this even a concern?

PS: we tested to see if a cfquery could be run on another database, and the
datasource not found error was returned. I assume that the db knows the IP
address of the cfserver allowed to run code, is this correct?

Andrew Middleton
Software Engineer
[EMAIL PROTECTED]
IITRI
http://www.iitri.org
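
An added example, not part of either message above: a small Python check that scans CFML source for cfquery tags passing username or password inline, which is what a full-code error screen would show to a visitor. The sample template and every name and value in it are constructed for illustration.

```python
import re

# Constructed CFML sample (not from the thread); every name and value is made up.
SAMPLE_CFM = '''\
<cfquery name="getUsers" datasource="shopdb"
         username="sa" password="example-only">
  SELECT id, email FROM users
</cfquery>
<cfquery name="getOrders" datasource="shopdb">
  SELECT id FROM orders WHERE note = 'password="x"'
</cfquery>
<CFQUERY NAME="q3" DATASOURCE="shopdb" PASSWORD='#Application.dbPass#'>
  SELECT 1
</CFQUERY>
'''

# Opening <cfquery ...> tag only, so SQL text in the body is never inspected.
# Simplification: assumes no '>' inside an attribute value.
OPEN_TAG = re.compile(r"<cfquery\b([^>]*)>", re.IGNORECASE)
CRED = re.compile(r"""\b(username|password)\s*=\s*(?:"([^"]*)"|'([^']*)')""", re.IGNORECASE)
NAME = re.compile(r"""\bname\s*=\s*["']([^"']*)["']""", re.IGNORECASE)


def find_inline_credentials(source):
    """Return (line, query_name, attribute, kind) for each credential attribute.

    kind is "literal" for a hardcoded value and "variable" for a #...# expression.
    The value itself is deliberately not returned, so reports do not repeat secrets.
    """
    findings = []
    for tag in OPEN_TAG.finditer(source):
        attrs = tag.group(1)
        name = NAME.search(attrs)
        line = source.count("\n", 0, tag.start()) + 1
        for m in CRED.finditer(attrs):
            value = m.group(2) if m.group(2) is not None else m.group(3)
            kind = "variable" if "#" in value else "literal"
            findings.append((line, name.group(1) if name else "?", m.group(1).lower(), kind))
    return findings


if __name__ == "__main__":
    for line, query, attr, kind in find_inline_credentials(SAMPLE_CFM):
        print(f"line {line}: cfquery '{query}' passes {attr} inline ({kind})")
```

Templates that come back with no findings rely on credentials held in the data source definition, as Doug's host agreed to configure.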