RE: Security Concerns Question regarding Cfquery reguried username and password in sql environment

Thu, 26 Oct 2000 17:43:54 -0700 

Yup...don't.  Never ever.  Set the username and password in the ColdFusion
Administrator instead.  Click the Advanced button when editing the
datasource you're setting up, and enter the username and password in the
boxes supplied.  That way you aren't hardcoding usernames and passwords in
your templates.

<CFUG-SFL Manager>
-Kev
</CFUG-SFL Manager>

> -----Original Message-----
> From: AustralianAccommodation.com Pty. Ltd.
> [mailto:[EMAIL PROTECTED]]
> Sent: Thursday, October 26, 2000 7:41 PM
> To: CF-Talk
> Subject: Security Concerns Question regarding Cfquery reguried username
> and password in sql environment
>
>
>
> I have just upgraded from access to sql and as a result of
> running on an sql
> server the way the security ha been set up required me to indicate the
> username and the password in the cfquery as outlined below
>
> <cfquery DATASOURCE="123" username="456" password= "789"
> name="Properties">
>
> are there any issues that I need to be concerned with by hard coding the
> actual user name and password into the fields as indicated above ????
>
> or should I have the values in a table within the database and
> then refer to
> the field names of that table in the query.
>
> my concern which may be unjustified is that if someone with
> malicious intent
> some how can get to view my cf code  via my site they then get to know the
> login name and password to the database.
>
> I assume it is possible to some how view cf code from a third part website
> some how is that not the reason why I see a lot of code in cf files
> encrypted
>
> Excuse me novice questions however I am new to the area of security issues
> and cf
>
>
>
>
> Kind Regards
>
> Claude Raiola (Director)
> AustralianAccommodation.com Pty. Ltd.
> Website: www.AustralianAccommodation.com
> Email: [EMAIL PROTECTED]
>
> ------------------------------------------------------------------
> ------------------------------
> Archives: http://www.mail-archive.com/[email protected]/
> Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
> or send a message with 'unsubscribe' in the body to
> [EMAIL PROTECTED]

------------------------------------------------------------------------------------------------
Archives: http://www.mail-archive.com/[email protected]/
Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists or send a message 
with 'unsubscribe' in the body to [EMAIL PROTECTED]

Reply via email to