The below example seems to work with regard to the cfc's though I must admit
I'm a newbie with cfc's. As a test I called a non-existant variable in the
_dns.cfc to see what would happend and it did expose the user name and
password, but when I wrapped a cftry/cfcatch block around the calling template
and dumped the error it only said the variable did not exist and the user name
and password were not exposed.
Also, are you using CGI.CF_TEMPLATE_PATH to deny access?
start contents of _dsn.cfc
<cfcomponent displayname="DSN" hint="I store dsn setting information">
<cfset InitDsn() />
<cffunction name="InitDsn" access="package" hint="I store dsn settings"
returntype="void">
<cfset dsn = StructNew() />
<cfset dsn.Source = "[my dsn]" />
<cfset dsn.UserName = "[my user name]" />
<cfset dsn.Password = "[my password]" />
<cfreturn>
</cffunction>
<!--- GetSource() [instance method] --->
<cffunction name="GetSource" access="package" returntype="string"
hint="I return the value of dsn.Source">
<cfreturn dsn.Source>
</cffunction>
<!--- GetUserName() [instance method] --->
... the rest of the functions ...
</cfcomponent>
end contents of _dsn.cfc
start of foo.cfc
<cfcomponent extends="_dsn" displayname="Foo Component" hint="The Foo ...">
<!--- Foo Initialization Area --->
<cfscript>
This.LockName = CreateUUID();
...
</cfscript>
<!--- InitFoo() [class method] --->
<cffunction name="InitFoo" access="package" hint="I initialize the Foo
object." returntype="void">
<cflock timeout="10" throwontimeout="Yes"
name="#This.LockName#" type="EXCLUSIVE">
<cfscript>
myDsn = CreateObject("Component","_dsn");
argParams = StructNew();
argParams.dsn = myDsn.GetSource();
argParams.dsnUserName = myDsn.GetUserName();
argParams.dsnPassword = myDsn.GetPassword();
...the rest of the Foo.cfc
If you see any holes in the above code, PLEASE let me know.
Thank you,
Aftershock Web Design, Inc.
by: Stan Winchester
President/Developer
[EMAIL PROTECTED]
http://www.aftershockweb.com/
Phone 503-244-3440
Fax 503-244-3454
>I restrict access at the CF level....
>
>I get the page from the directory path... and if the file begins with "_"
>then I throw an error.
>
>......................
>Ben Nadel
>Web Developer
>Nylon Technology
>6 West 14th Street
>New York, NY 10011
>212.691.1134
>212.691.3477 fax
>www.nylontechnology.com
>
>"Vote for Pedro"
>
>-----Original Message-----
>From: Stan Winchester [mailto:[EMAIL PROTECTED]
>Sent: Friday, December 16, 2005 8:32 AM
>To: CF-Talk
>Subject: Re: Required DSN Username & Password
>
>Ben, Thanks for the suggestion! Are you restricting the file access at the
>web server level, or in CF? If in CF, are you testing for the file name in
>CGI scope to deny access?
>
>people
>be
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~|
Find out how CFTicket can increase your company's customer support
efficiency by 100%
http://www.houseoffusion.com/banners/view.cfm?bannerid=49
Message: http://www.houseoffusion.com/lists.cfm/link=i:4:227174
Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4
Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4
Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
Donations & Support: http://www.houseoffusion.com/tiny.cfm/54
