how about instead of storing the username/pass in a database you store
it in a file that can only be accessible by the CF user?
not sure what you're doing, but you might be right about the web being
too insecure. The web is "pretty" secure if you take a lot of
precautions, but it's not invincible. :)
Steve
"Larry W. Virden" wrote:
>
> From: Steve Nelson <[EMAIL PROTECTED]>
>
> My
> solution ended up being a combination, the key was both in
> the code AND
> in the database. that way you have to break into both
> servers to access
> the full key. Not a perfect solution, but better than if it
> was only in
> one place.
>
> In my case, the control I need is access to the database; so
> having keys in the database wouldn't solve anything; there still
> needs to be some way to get into the database, and once that
> occured, the user could theirself get the pieces to get to the
> data.
>
> I suspect that the problem is that Web is just too insecure for
> this type of application.
>
> --
> Larry W. Virden <URL: mailto:[EMAIL PROTECTED]>
> <URL: http://www.purl.org/net/lvirden/>
> Even if explicitly stated to the contrary, nothing in this
> posting
> should be construed as representing my employer's opinions.
>
>
>------------------------------------------------------------------------------------------------
> Archives: http://www.mail-archive.com/[email protected]/
> Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists or send a message
>with 'unsubscribe' in the body to [EMAIL PROTECTED]
--
Steve Nelson
http://www.SecretAgents.com
Tools for Fusebox Developers
------------------------------------------------------------------------------------------------
Archives: http://www.mail-archive.com/[email protected]/
Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists or send a message
with 'unsubscribe' in the body to [EMAIL PROTECTED]
