Sorry Bud but I'm lost dude...restrict INSERT at the CFADMIN level on the
client datasource?

Stace

-----Original Message-----
From: Bud [mailto:[EMAIL PROTECTED]] 
Sent: Thursday, July 25, 2002 12:24 AM
To: CF-Talk
Subject: RE: Client Database question

On 7/25/02, Stacy Young penned:
>Single point of entry, lock down few places rather than many...I guess more
>the traits of incorporating a controller rather than FB itself...

LOL

This has certainly strayed off of my original question which has 
nothing to do with Stored procedures or Fusebox. I'll re-post the 
question, which is concerning client database access:

Does anyone see a problem with restricting
SQL operations to Stored Procedures (which obviously there aren't
any) or INSERT to stop people from querying a client storage
database? I've always tried to avoid writing things like cfset
client.user = "me" and cfset client.password = "mypassword" on the
remote chance that if someone knows the datasource name and does a
SELECT * FROM CDATA, that they could look for things like user and
password combinations and guess from the app name (which I often name
with the domain name to avoid duplicate app names) what site it is.

Don't know why, but I always just sort of figured that restricting
SQL operations would restrict them for CF also. Funny how it takes 3
years for the light to go on sometimes. :)
-- 

Bud Schneehagen - Tropical Web Creations

_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/
ColdFusion Solutions / eCommerce Development
[EMAIL PROTECTED]
http://www.twcreations.com/
954.721.3452
