Marcus Whitworth wrote:
>
> How can I set up CF DSNs without storing the username and password also?
> I'd like to pass the username/password through with each query, but CF
> admin is making me add a username and password when setting up the DSN.

You don't have to put a username and password in the administrator.  You
just can't verify the datasource in the administrator.

> I'm doing this for security, but if anyone can offer a better (free)
> solution then feel free to offer suggestions...

Is this a shared hosting environment?  If it is, then it's hard to
really be secure.  If it's not a shared hosting environment, then you
don't really need to worry about it.

One of the best ways to store database passwords securely is in an
environment variable.  I do this for my clients when they request it.
Basically, the httpd.conf is root read only.  I put the requested
passwords in there in plaintext using the SetEnv directive within the
virtualhost section for a given site.

The sites can then reference CGI.DBPASS or something like that, without
ever having to store the password in a file that is readable by the web
server (no, the httpd.conf is NOT readable by the web server.  Apache
starts up as root, reads the conf files, THEN switches to "nobody").

If you store the password in a file, anyone with access to write
ColdFusion files on the server could theoretically gain access to your
password.  But only files within the given webroot would see the
CGI.DBPASS environment variable configured in the httpd.conf.

  - Rick
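
The setup described in the message above depends on the file holding the SetEnv password being owned by root and unreadable by everyone else. The following check is an added example, not part of the original message; the function names, the sample virtual host and the placeholder password are constructed, and the expected owner defaults to uid 0 (root).

```shell
#!/bin/sh
# Added example: audit an Apache config that carries secrets in SetEnv lines.

# conf_is_private FILE [UID]
# Succeeds only when FILE is owned by UID (default 0, root) and grants
# no permission bits at all to group or other.
conf_is_private() {
    file=$1
    want_uid=${2:-0}
    [ -f "$file" ] || return 2
    # "ls -ldn" prints e.g. "-rw------- 1 0 0 ...": field 1 is the mode string,
    # field 3 the numeric owner. Characters 5-10 are the group/other rwx bits.
    mode_owner=$(ls -ldn -- "$file" | awk '{print substr($1, 5, 6), $3}')
    [ "$mode_owner" = "------ $want_uid" ]
}

# list_setenv FILE
# Prints "vhost<TAB>variable" for every SetEnv inside a <VirtualHost> block.
# Values are never printed, so the report does not leak the secrets itself.
list_setenv() {
    awk '
        tolower($1) ~ /^<virtualhost/   { vhost = $2; sub(/>$/, "", vhost); next }
        tolower($1) ~ /^<\/virtualhost/ { vhost = ""; next }
        tolower($1) == "setenv" && vhost != "" { print vhost "\t" $2 }
    ' "$1"
}

# Constructed sample config; the password is a placeholder.
sample=$(mktemp)
cat > "$sample" <<'EOF'
<VirtualHost *:80>
    ServerName client-a.example
    SetEnv DBPASS placeholder-password
</VirtualHost>
EOF
chmod 600 "$sample"

# The sample is owned by whoever runs this script, so pass that uid explicitly;
# against a real httpd.conf, omit the second argument to require root.
list_setenv "$sample"
if conf_is_private "$sample" "$(id -u)"; then
    echo "OK: only the owner can read $sample"
else
    echo "WARNING: $sample is readable by group/other or has the wrong owner"
fi
```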