> > I never understood this one.
> >
> > Why is:
> >
> > <CFQUERY DATASOURCE = "#Request.MainDSN#"
> >
> > in a template better than
> >
> > <CFQUERY DATASOURCE = "#Request.MainDSN#" UserName =
> > "#Request.User#" Password = "#Request.Pass#"
> >
> > security-wise?
>
> From a hacker's perspective, it's often pretty easy to read script code.
> It's usually a little harder to read the registry, which is where CF
stores
> datasource usernames and passwords.
Not to mention how easy it is to accidetally expose template source code
without realising that you're doing so. An inexperienced developer might
save a backup of mytemplate.cfm as mytemplate.bak or mytemplate.cfm.bak.
The template source code could then easily be read by anyone poking around
from anywhere on the net.
Jim
------------------------------------------------------------------------------------------------
Archives: http://www.mail-archive.com/[email protected]/
Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists or send a message
with 'unsubscribe' in the body to [EMAIL PROTECTED]
