I was watching a show about house security once, and they said you should never put your name on your mailbox (nor anywhere visible). Why not? Because a thief can have a phone book in his car, and look up your phone number from the name and address, then give a call to see if you're not home.
Would you announce to the world what your username is? Sure, nobody has your password, but giving out your username (or your DB name) gives a hacker one less thing to figure out. What about paths in your web server? Could a hacker wipe out all of your custom tags if he knew what folder they were in? Probably not, but if he didn't have to discover that much information, his job is that much easier. Again, I think if it weren't a security risk, MS would not have put out a patch.

> -----Original Message-----
> From: Russ
>
> Well maybe you shouldn't be storing your username and pw in your datasource in the first place. Security by obscurity is never a good idea, and the name of your datasource shouldn't be equivalent to a password.
>
> You should be using username and pw in all your queries if you're on a shared host. You should store them somewhere like application.cfm. Now, if someone can read your files, then they'll get your password anyway, but that's a whole different security hole. You shouldn't just let people access your datasource just because they know its name.
>
> So, like I said, it's not a security issue per se, more of an annoyance. In theory you shouldn't see datasources that you don't have access to if you choose not to see them, but you could argue either way. I wouldn't want somebody creating a database on my server, and then not giving me access to it, and for enterprise manager to not even show that database to me. That's an even bigger security hole. (Think Sony with their DRM rootkit technology).
>
> Russ
>
> -----Original Message-----
> From: Munson, Jacob [mailto:[EMAIL PROTECTED]
> Sent: Wednesday, January 11, 2006 1:36 PM
> To: CF-Talk
> Subject: RE: Professional Opinions on HostMySite.com
>
> Would you want your DB to be visible to all other customers on a shared host? I know I sure wouldn't...even if they can only look at things, it's still scary and if nothing else, a bad idea.
> If it weren't a security issue, I don't think MS would have put out a patch.

