Well maybe you shouldn't be storing your username and pw in your datasource in the first place. Security by obscurity is never a good idea, and the name of your datasource shouldn't be equivalent to a password.
You should be using username and pw in all your queries if you're on a shared host. You should store them somewhere like application.cfm. Now, if someone can read your files, then they'll get your password anyway, but that's a whole different security hole. You shouldn't just let people access your datasource just because they know its name.

So, like I said, it's not a security issue per se, more of an annoyance. In theory you shouldn't see datasources that you don't have access to if you choose not to see them, but you could argue either way. I wouldn't want somebody creating a database on my server, and then not giving me access to it, and for enterprise manager to not even show that database to me. That's an even bigger security hole. (Think Sony with their DRM rootkit technology).

Russ

-----Original Message-----
From: Munson, Jacob [mailto:[EMAIL PROTECTED]
Sent: Wednesday, January 11, 2006 1:36 PM
To: CF-Talk
Subject: RE: Professional Opinions on HostMySite.com

Would you want your DB to be visible to all other customers on a shared host? I know I sure wouldn't...even if they can only look at things, it's still scary and if nothing else, a bad idea. If it weren't a security issue, I don't think MS would have put out a patch.

> -----Original Message-----
> From: Russ [mailto:[EMAIL PROTECTED]
> Sent: Wednesday, January 11, 2006 11:20 AM
> To: CF-Talk
> Subject: RE: Professional Opinions on HostMySite.com
>
> What's the problem with SQL Studio Express showing all the dbs? I mean
> yea... they show up, and it's annoying as hell if you have to wait for all
> of them to load, but is it really a security issue?
>
> -----Original Message-----
> From: Jamie Price [mailto:[EMAIL PROTECTED]
> Sent: Wednesday, January 11, 2006 12:12 PM
> To: CF-Talk
> Subject: Re: Professional Opinions on HostMySite.com
>
> >will say that is one issue I'm still not happy with. If you use "Microsoft
> >SQL Server Management Studio Express", you can see all databases on a
> >server.
>
> This is a failing of the software, not of the server-side setting. MS
> just recently got a patch for the 2000 series of SQL that hides db's you
> don't have access to. I'm not sure what the story is on the new 2005
> install, but I'm sure MS will eventually release a similar patch for it as
> well.

