Which is a good solution if it is your own server, but on a shared server other customers only need to guess your DSN (which is usually easy as most people will use the sitename) to access your database. Or if CreateObject(java) is enabled, they can extract all DSN's from the cfadmin anyway.
Russ -----Original Message----- From: Bobby Hartsfield [mailto:[EMAIL PROTECTED] Sent: 05 December 2006 00:51 To: CF-Talk Subject: RE: getSessionList.cfm UDF When you said password, I automatically assumed that you meant a user's password. I set all my DB passwords in the CF Admin. ...:.:.:.:.:.:.:.:.:.:.:. Bobby Hartsfield http://acoderslife.com -----Original Message----- From: Snake [mailto:[EMAIL PROTECTED] Sent: Monday, December 04, 2006 7:16 PM To: CF-Talk Subject: RE: getSessionList.cfm UDF I definitely wouldn't say it is a good idea to give your web site users your database password under any circumstances. Any it wouldn't be a very user friendly web site if visitors had to enter your database password to make it work. -----Original Message----- From: Bobby Hartsfield [mailto:[EMAIL PROTECTED] Sent: 05 December 2006 00:04 To: CF-Talk Subject: RE: getSessionList.cfm UDF Personally, I've never thought that was a good idea or good practice at all. If the user needs to login, ask them for the password; if they have a valid session, don't let it time out or reset it when you need to but get the info from the database when you need it and when you need it only. .....:.:.:.:.:.:.:.:.:.:.:. Bobby Hartsfield http://acoderslife.com -----Original Message----- From: Snake [mailto:[EMAIL PROTECTED] Sent: Monday, December 04, 2006 6:30 PM To: CF-Talk Subject: RE: getSessionList.cfm UDF Well that said, it has always been given as good practice to store your database username/passwor din application scape and pass them to your queries. Russ -----Original Message----- From: Bobby Hartsfield [mailto:[EMAIL PROTECTED] Sent: 04 December 2006 21:21 To: CF-Talk Subject: RE: getSessionList.cfm UDF Maybe it would be better to say that you as a developer should know better than to put things that you shouldn't into a scope so easily accessible by others. .......:.:.:.:.:.:.:.:.:.:.:. Bobby Hartsfield http://acoderslife.com -- No virus found in this outgoing message. Checked by AVG Free Edition. Version: 7.5.430 / Virus Database: 268.15.6/567 - Release Date: 12/4/2006 7:18 AM ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Create robust enterprise, web RIAs. Upgrade & integrate Adobe Coldfusion MX7 with Flex 2 http://ad.doubleclick.net/clk;56760587;14748456;a?http://www.adobe.com/products/coldfusion/flex2/?sdid=LVNU Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:262852 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4
