What about hardcoding the username and password in a CFX tag? It is
compiled, so it won't be simple to extract.
Chris Evans
[EMAIL PROTECTED]
http://www.fuseware.com
-----Original Message-----
From: Larry W. Virden [mailto:[EMAIL PROTECTED]]
Sent: Thursday, November 02, 2000 2:39 PM
To: CF-Talk
Subject: Re: Paranoid programming...
From: Scott Becker <[EMAIL PROTECTED]>
> I'm curious, why do you consider the ColdFusion admin area insecure? Is
> there a way the password can be discovered once its put there?
The problem, as it is described to me, is this. Coldfusion on Solaris
requires one to share one ColdFusion instance per box. Thus, one either
has to dedicate one complete hardware/software machine for one sensitive
application, or one has to remove userids and passwords from the data
source area. Otherwise, anyone putting applications on that machine
could, potentially, make use of the data source to access your data.
--
Never apply a Star Trek solution to a Babylon 5 problem.
Larry W. Virden <mailto:[EMAIL PROTECTED]> <URL:
http://www.purl.org/NET/lvirden/>
Even if explicitly stated to the contrary, nothing in this posting should
be construed as representing my employer's opinions.
-><-
----------------------------------------------------------------------------
--------------------
Archives: http://www.mail-archive.com/[email protected]/
Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists or send a
message with 'unsubscribe' in the body to [EMAIL PROTECTED]
------------------------------------------------------------------------------------------------
Archives: http://www.mail-archive.com/[email protected]/
Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists or send a message
with 'unsubscribe' in the body to [EMAIL PROTECTED]
