It was a problem on my old HMS server, which allowed JSP to be executed and didn't have any JSP security mechanism. I was able to read the source code of every site on the server and therefore get any DSN password that wasn't in the CF Admin.
That's why I moved to a new server on which JSP is better managed (via Resin). On 1/11/06, Snake <[EMAIL PROTECTED]> wrote: > If you don't put your username/password into your DSN then it's not a > problem. > You should never ever do this on live server anyway. -- CFAJAX docs and other useful articles: http://jr-holmes.coldfusionjournal.com/ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Message: http://www.houseoffusion.com/lists.cfm/link=i:4:229145 Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4 Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4 Donations & Support: http://www.houseoffusion.com/tiny.cfm/54
