On 7/25/02, Stacy Young penned:
>Single point of entry, lock down few places rather than many...I guess more
>the traits of incorporating a controller rather than FB itself...

LOL

This has certainly strayed off of my original question which has 
nothing to do with Stored procedures or Fusebox. I'll re-post the 
question, which is concerning client database access:

Does anyone see a problem with restricting
SQL operations to Stored Procedures (which obviously there aren't
any) or INSERT to stop people from querying a client storage
database? I've always tried to avoid writing things like cfset
client.user = "me" and cfset client.password = "mypassword" on the
remote chance that if someone knows the datasource name and does a
SELECT * FROM CDATA, that they could look for things like user and
password combinations and guess from the app name (which I often name
with the domain name to avoid duplicate app names) what site it is.

Don't know why, but I always just sort of figured that restricting
SQL operations would restrict them for CF also. Funny how it takes 3
years for the light to go on sometimes. :)
-- 

Bud Schneehagen - Tropical Web Creations

_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/
ColdFusion Solutions / eCommerce Development
[EMAIL PROTECTED]
http://www.twcreations.com/
954.721.3452