Thank you guys for your advice on that. It is a dedicated host, so if keeping the authentication details in the datasource is the best method then I'll be sure to do that. I'll also get some users setup in SQL just for my ColdFusion connections with minimum rights to keep it all buttoned down.
Thanks again guys, Rob -----Original Message----- From: Casey Dougall [mailto:[EMAIL PROTECTED] Sent: 14 June 2007 12:02 To: CF-Talk Subject: Re: Securing Datasources On 6/14/07, Robert Rawlins - Think Blue <[EMAIL PROTECTED]> wrote: > > Hello Guys, > > however, how do I have it so the username and password must > be supplied in my cfquery or stored proc tags? > > I'm not sure if this makes any difference, but the SQL Server and the CF > are > running on the same box and its SQL Server 2005 Standard and ColdFusion > MX7 > Standard. If you are on a dedicated server "You manage all websites" Saving the username and password inside the datasource record is the most secure method. It's better then saving it in the query statements on your page. You could also create two datasources, one for administrative functions where you need insert update select, then another that is only select and switch between the two in your applications. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| ColdFusion MX7 by AdobeĀ® Dyncamically transform webcontent into Adobe PDF with new ColdFusion MX7. Free Trial. http://www.adobe.com/products/coldfusion?sdid=RVJV Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:281110 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4
