It is very very easy to make this secure. You certainly do not give open access to the database. You create XML templates that are like views, they allow limited access to the data, and can be restricted to select/update/whatever. The reason Dave prob said that is because you can allow the database to be queryied by simply sending an SQL statement on a URL or form post to the XML interface. But you do have to set it up to allow this in the first place.
Of course with windows you can password protect resources too. It is only as insecure as you make it, just as your CFML apps will be insecure you do not password protect them and protect from SQL injection. Russ -----Original Message----- From: Dave Watts [mailto:[EMAIL PROTECTED] Sent: 29 June 2006 17:05 To: CF-Talk Subject: RE: XML storage of metadata in database fields > If you use IIS, you may want to look into the IIS SQL integration. > Using this you can provide direct HTTP XML services into your > database. I would strongly recommend against this, unless you're in a very strictly controlled environment, for security reasons. Dave Watts, CTO, Fig Leaf Software http://www.figleaf.com/ Fig Leaf Software provides the highest caliber vendor-authorized instruction at our training centers in Washington DC, Atlanta, Chicago, Baltimore, Northern Virginia, or on-site at your location. Visit http://training.figleaf.com/ for more information! ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Message: http://www.houseoffusion.com/lists.cfm/link=i:4:245087 Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4 Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4 Donations & Support: http://www.houseoffusion.com/tiny.cfm/54
