Well, we don't store usernames and passwords in any of our cf servers (except in unique instances). Instead, we have datasource names only in the administrator, and each developer is responsible for using the appropriate account information to access the database. We generally have project accounts (which we do not use for web access) and web accounts. The web accounts have non-expiring passwords, so you're not forced to go tinkering with application code every time a password expires. The web accounts don't "own" any objects, but are just granted whatever privs they need on the objects in the project accounts.
Personally, I store username and password info in the request scope and use that. The other nice thing we've done is set up a consistent DSN name on each of our three servers (dev, test, prod) that correspond with the equivalent database instance. So, for example, you'd just say: <cfscript> request.dsn = theBigKahuna; request.uname = Master; request.pword = soSecure; </cfscript> And then: <cfquery datasource="#request.dsn#" username="#request.uname#" password="#request.pword#"> .... </cfquery> And, theBigKahuna would point to the correct datasource relevant to the server you're on. One caveat - with Oracle (not sure this is relevant for all database drivers) - using transactions with this method works, but throws an error into the log file. So, anything that requires a transaction needs to be put in a stored proc (preferable) or a special datasource needs to be set up that includes username and password in the CF administrator. (Note that this may not be applicable in 7.0 or with all the latest hotfixes/drivers.) ----- Original Message ----- From: "Damien McKenna" <[EMAIL PROTECTED]> To: "CF-Talk" <[email protected]> Sent: Tuesday, April 26, 2005 9:00 AM Subject: OT: DSN handling for production server > It has been mentioned here recently that the database login information > for a production server should not be stored in the Coldfusion > administrator. > > First off, for a dedicated server, why? > > Secondly, what is a good way to solve this? > > Thirdly, we have almost a dozen sites, most of which access one main SQL > Server database then also some support databases. I wanted to have each > site have its own login to the database but with multiple sites > accessing multiple databases in a many-to-many relationship this would > get very messy very fast. Anyone have a suggestion how I could do this? > I may be able to merge all the databases together, they really ought to > be anyway. > > Lastly, would this work: > <cfquery name="myQuery" #application.db_string#>#sql#</cfquery> > where application.db_string would store the relevant attributes & values > necessary to log into this database? > > Thanks. > > -- > Damien McKenna - Web Developer - [EMAIL PROTECTED] > <mailto:[EMAIL PROTECTED]> > The Limu Company - http://www.thelimucompany.com/ > <http://www.thelimucompany.com/> - 407-804-1014 > #include <stdjoke.h> > > > > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Discover CFTicket - The leading ColdFusion Help Desk and Trouble Ticket application http://www.houseoffusion.com/banners/view.cfm?bannerid=48 Message: http://www.houseoffusion.com/lists.cfm/link=i:4:204443 Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4 Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4 Donations & Support: http://www.houseoffusion.com/tiny.cfm/54
