IMO hard-coding a database username/password in your app is only a security risk if the wrong people already have access to your file system, in which case you likely have bigger issues than the database username in your application code.
Many shared hosting providers don't include the username / password in the DSN definition in the CF Admin (forcing you to use them in your code) because that would allow anyone with a hosting account to theoretically access another one of their client's databases by guessing the DSN. Which could be a particularly dangerous thing if the DSN names happen to be formulaic. but I digress... The connectionstring attribute of cfquery was (and I'm sure someone will correct me if I'm wrong) an element of what were referred to as "dsn-less connections". That is, you could connect to a database without first creating a DSN in the ColdFusion Administrator. ColdFusion MX and later no longer include the dsn-less connections feature -- where it got off to, why it got off there and if it will ever come back are questions to be pondered. In the meantime unfortunately the only answer is "no, you can't do that anymore". > Well, hard coding your SQL username & password is a > security risk and IMHO > bad practice. > You should let the CFAdmin handle that for you. > Warmest Regards, > Phillip B. Holmes > -----Original Message----- > From: Nick Baker [mailto:[EMAIL PROTECTED] > Sent: Sunday, March 06, 2005 12:46 AM > To: CF-Talk > Subject: CFQUERY accessing MS SQL DB on another CF server > MX 6.1 > In some of the earlier versions you could query a db on > other servers around > the Internet. V 6 and later (I think) changed up <CFQUERY > and I can't seem > to get it going again. > In earlier versions we had a connectString attribute which > took something > like the following. > ConnectionString = "DRIVER=SQL > Server;SERVER={ipaddress};UID={username}; > PWD={password};APP=;DATABASE={database}" > Does anyone know how to accomplish this with V 6 and > later? > Thanks, > Nick s. isaac dealey 954.522.6080 new epoch : isn't it time for a change? add features without fixtures with the onTap open source framework http://macromedia.breezecentral.com/p49777853/ http://www.sys-con.com/story/?storyid=44477&DE=1 http://www.sys-con.com/story/?storyid=45569&DE=1 http://www.fusiontap.com ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Logware (www.logware.us): a new and convenient web-based time tracking application. Start tracking and documenting hours spent on a project or with a client with Logware today. Try it for free with a 15 day trial account. http://www.houseoffusion.com/banners/view.cfm?bannerid=67 Message: http://www.houseoffusion.com/lists.cfm/link=i:4:197603 Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4 Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4 Donations & Support: http://www.houseoffusion.com/tiny.cfm/54
