-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
> > The database itself is sensitive enough that the owner does not want the
> > userid and password put into the ColdFusion admin area either...
>
> I'm curious, why do you consider the ColdFusion admin area insecure? Is
> there a way the password can be discovered once it's put there?
Any DB passwords entered in the CF Admin pages are stored encrypted
in the registry (or the CF registry file in the case of UN*X). It's
technically possible to decrypt that password once it's stored there
if you know the password that CF uses to encrypt it in the first
place.
BUT since that section of your registry or the registry file should
be secured to admin access only, then only admins (which shall be
presumed to already know the password) could access the encrypted
password in the first place.
To respond to the original poster's questions:
I'm afraid you're being a little too paranoid for your own good. No
matter how you structure things, at some point, the CF Server must
have an unencrypted copy of the DB password to send off to the DB
Server. It's gotta be stored somewhere. You can certainly encrypt
it when you store it, but the CF code has to be able to decrypt that
password in order to use it. There really isn't any way to get
around the fact that the password must be in cleartext at some point
for CF to use it.
Now... You mentioned:
>However, because of the gateway issue, hard coding the userid and
>password into the cfm files is out - the cfm files are in general
>accessible by someone browsing the directories.
I'm not sure who you're worried about browsing your directories.
General web users can't see your CF source code (assuming your server
is configured correctly. And if it's not, then you've got way bigger
issues to worry about, no?...). The only folks that can see your CF
source are those that have direct telnet, ftp, or physical access to
the box. And of those, only users that have been granted access to
the web directory can actually see the files in question. Assuming
you've set your file system security settings properly (i.e. root, your
backup user, and the account that the webserver runs as should be the
only ones w/ access to those files), then no one important can see
that source anyways.
I gather that the security of your data is quite important to you,
and that's certainly understandable. Unfortunately, there has to be
some level at which you trust your software & hardware. If you can't
trust your own code, then there's really nothing you can do to make
yourself feel secure. There are certainly unlimited ways to
obfuscate things and make it more difficult for a would-be hacker to
get at your data, but it's not likely that you'll be able to stop a
dedicated attacker who has access to your source code.
That said, here's what I'd do given your situation:
1) Create a CF virtual root in the CF Administrator that points to
somewhere outside of the webserver's root (I'm assuming UN*X CF can
still do this). Example: If your webserver root is /home/www/, then
make a directory like /home/ReallySecretStuff/ (you might not want to
use *that* file name... ;-) ) and store the password files in there.
If you've called that CF root "DBPass", then you can gain access to
files in there within a CF template by using
<cfinclude template="/DBPass/Whatever.cfm">
The benefit of using a virtual CF root is that if someone gains
source access to CFMs in your webroot through some sort of server
software exploit (::$DATA, +.htr, etc., etc....), they can't get at
the files outside of your webroot (at least not with any exploits
I've seen to date). That way they might see the name of the file
with your passwords, but chances are really slim they'd be able to
get to them.
2) Your password file itself is nothing more than a little CF
template w/ a couple of CFSets. Something like:
<!--- DBPassSomeRandomJunkNoOneWillGuess.cfm --->
<cfset DBUser = "MeWho">
<cfset DBPass = "ExactlyWhat">
You could certainly employ some basic encryption here, but it would
just be obfuscation. You might slow down an attacker, but chances
are you won't stop them.
I would use CFENCODE to encrypt that CF template. Again, that's not
terribly secure, but it will prevent a casual browser of your server
from accidentally seeing your passwords.
3) In your actual CFMs, do:
<cfinclude template="/DBPass/DBPassSomeRandomJunkNoOneWillGuess.cfm">
<cfquery name="Whatever" datasource="Whatever" username="#DBUser#" password="#DBPass#">
SELECT ...
</cfquery>
That's about it.... I'll stress just one more time that this is NOT
100% secure, and that someone who REALLY wants your data WILL GET
your data no matter what you do. This does provide what I think is a
reasonable measure of security & difficulty so that your average
luser with nothing better to do will likely take a hike before he
gets into your data.
If you'd care to get any other details on any part of that, feel free
to ask.
<And please forgive any typos as I'm writing this 5 minutes before I
have to be at the mall getting measured for a Tuxedo...>
Best regards,
Zac Bedell
-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 6.5.8 for non-commercial use <http://www.pgp.com>
iQA/AwUBOgHCEavhLS1aWPxeEQIhyQCfV1YHqMb7C5w7QopKL/+3ClQuEhIAn2SB
pwunhPbaqlW7xx+bm4FCmiUm
=KXcz
-----END PGP SIGNATURE-----
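The advice in step 1 and the file-system permission remarks above, turned into a check a server admin can run: this is an added example, not part of Zac's message and not ColdFusion's own tooling. It audits whether a credentials template sits outside the webserver root (after resolving symlinked directories and ".."), carries no group/other permission bits, and is owned by one of the accounts you expect (root, the backup user, the account the webserver runs as). The paths /home/ReallySecretStuff/DBPass.cfm and /home/www and the account names in the usage comment are assumptions.

```shell
#!/bin/sh
# Added example, not code from the original post. It audits the layout the
# post recommends: a ColdFusion credentials template kept outside the
# webserver root and readable only by the accounts that must read it.
# File names, the webroot path and the account names are assumptions.

# Succeeds when the directory holding FILE ($1) resolves to a path outside
# WEBROOT ($2). "pwd -P" resolves symlinked directories and "..", so a
# credentials file reached through a link inside the webroot counts as inside.
outside_webroot() {
    file_dir=$(cd "$(dirname "$1")" 2>/dev/null && pwd -P) || return 1
    root=$(cd "$2" 2>/dev/null && pwd -P) || return 1
    case "$file_dir/" in
        "$root"/*) return 1 ;;   # under the webroot: exposed by any source-disclosure bug
        *) return 0 ;;
    esac
}

# Succeeds when FILE has no group or other permission bits (e.g. mode 600
# or 400): only the owner and root can read it. GNU stat is tried first,
# BSD stat second.
owner_only() {
    mode=$(stat -c '%a' "$1" 2>/dev/null) || mode=$(stat -f '%Lp' "$1") || return 1
    group_other=$(printf '%s' "$mode" | tail -c 2)   # last two octal digits
    [ "$group_other" = "00" ]
}

# Succeeds when FILE's owner is one of the account names given after it.
owned_by_one_of() {
    f=$1; shift
    owner=$(stat -c '%U' "$f" 2>/dev/null) || owner=$(stat -f '%Su' "$f") || return 1
    for allowed in "$@"; do
        [ "$owner" = "$allowed" ] && return 0
    done
    return 1
}

# Runs all three checks, prints one line per finding and returns the number
# of failed checks (0 means the file is laid out as the post advises).
# Usage: audit_credentials_file FILE WEBROOT OWNER [OWNER...]
audit_credentials_file() {
    file=$1; webroot=$2; shift 2
    failures=0
    if outside_webroot "$file" "$webroot"; then
        echo "ok   : $file is outside the webroot $webroot"
    else
        echo "FAIL : $file is inside (or linked from) the webroot $webroot"
        failures=$((failures + 1))
    fi
    if owner_only "$file"; then
        echo "ok   : $file has no group/other permission bits"
    else
        echo "FAIL : $file is readable by group or others (chmod 600 it)"
        failures=$((failures + 1))
    fi
    if owned_by_one_of "$file" "$@"; then
        echo "ok   : $file is owned by an expected account"
    else
        echo "FAIL : $file is not owned by any of: $*"
        failures=$((failures + 1))
    fi
    return "$failures"
}

# Command-line use (paths and accounts are assumed examples):
#   sh audit.sh /home/ReallySecretStuff/DBPass.cfm /home/www root nobody
if [ "$#" -ge 3 ]; then
    audit_credentials_file "$@"
    exit "$?"
fi
```

The exit status is the number of failed checks, so the script drops into a cron job or a post-deploy hook unchanged; a non-zero status means the credentials template is browsable, world-readable, or owned by an unexpected account and should be fixed before the server goes back into service.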
Archives: http://www.mail-archive.com/[email protected]/