> In a shared hosting environment with critical data, how can > you be sure that your database(s) are not accessible by anyone > else via CF, CFQUERY, etc? How can you password protect a DSN/DB > so that data is not allowed to be pulled from the DB without > supply the password in your code, etc... we don't want anyone > quering our DB and getting our data do we? It seems like if > they knew our DSN name, they could do pretty much whatever > they wanted. :-) > > I've set the PW up in the ODBC setup of CF ADMIN but it still > lets me query etc.. I've tried setting a password everywhere! :-) I've said it before, and I'll say it again. If it's critical data, you can't rely on a shared hosting environment. That being said, if you simply leave the username and password out of your System DSN, and supply it in your CFQUERY and CFSTOREDPROC tags, then someone would have to read your code to get that username and password. Of course, if you simply stick it into a CFML script, then someone who could read the script would be able to get that information, but if you're safer doing that because it's a shared environment, then it'll work. > By the way, I'm wondering how to do this with ACCESS2k. I think you'll have to password protect the database in the Access design environment, then use that password in your CFQUERY tag. The username, I think, is "admin" by default. I'm not entirely sure about this, though. Dave Watts, CTO, Fig Leaf Software http://www.figleaf.com/ voice: (202) 797-5496 fax: (202) 797-5444 ------------------------------------------------------------------------------ Archives: http://www.mail-archive.com/[email protected]/ To Unsubscribe visit http://www.houseoffusion.com/index.cfm?sidebar=lists&body=lists/cf_talk or send a message to [EMAIL PROTECTED] with 'unsubscribe' in the body.
