I would suggest sending this to the cf-linux list but...
> Developers often resist having database user ids and passwords embedded
> into ColdFusion admin databases. This is not secure (since the ColdFusion
> admin now has info that they may, in fact, not be cleared to see).
> What are the alternatives for passing owner and password on through to
> the underlying database (such as Oracle, etc)
Username & Passord attributes in CFSTOREDPROC or CFQUERY ???
> If one DOES embed the user id/password, then one still has to implement
> some sort of security mechanism, since the .cfm files need to be readable
> by user "nobody" if the web server is running in the default
configuration.
use cfencode ?? Better than nothing but not REALLY secure.
> What practices helps one prevent making modified versions of the .cfm
pages
> and accessing the data?
Readable not writtable ...
~Justin
------------------------------------------------------------------------------
Archives: http://www.mail-archive.com/[email protected]/
To Unsubscribe visit
http://www.houseoffusion.com/index.cfm?sidebar=lists&body=lists/cf_talk or send a
message to [EMAIL PROTECTED] with 'unsubscribe' in the body.
