RE: Security Concerns Question regarding Cfquery reguried username and password in sql environment

Dave Watts Thu, 26 Oct 2000 21:18:13 -0700

> I never understood this one.
> 
> Why is:
> 
> <CFQUERY DATASOURCE = "#Request.MainDSN#"
> 
> in a template better than
> 
> <CFQUERY DATASOURCE = "#Request.MainDSN#" UserName = 
> "#Request.User#"  Password = "#Request.Pass#"
> 
> security-wise?

>From a hacker's perspective, it's often pretty easy to read script code.
It's usually a little harder to read the registry, which is where CF stores
datasource usernames and passwords.

Dave Watts, CTO, Fig Leaf Software
http://www.figleaf.com/
voice: (202) 797-5496
fax: (202) 797-5444
------------------------------------------------------------------------------------------------
Archives: http://www.mail-archive.com/[email protected]/
Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists or send a message 
with 'unsubscribe' in the body to [EMAIL PROTECTED]

RE: Security Concerns Question regarding Cfquery reguried username and password in sql environment

Reply via email to