> I'm looking to get some advice on securing my datasource as
> much as possible.
>
> I'm looking for some advice on the data source, I'm changing
> the allowed functions of the datasource to SELECT, UPDATE and
> INSERT only to stop things being dropped, however, how do I
> have it so the username and password must be supplied in my
> cfquery or stored proc tags? I can't see a checkbox anywhere
> do I simply leave the username and password fields blank in
> my administrator panel?

Instead of changing the allowed functions of the datasource, create database logins with the appropriate rights and use those from within your application. In SQL Server, for example, you would assign the db_datareader and db_datawriter roles to the login that can change data, and just db_datareader to the login that can only view data.

You can just omit the username and password from the CF Administrator, and supply those values with your CFQUERY tags, but I don't think that makes things any more secure. The CF Administrator does encrypt the password, at least.

> I'm not sure if this makes any difference, but the SQL Server
> and the CF are running on the same box and it's SQL Server
> 2005 Standard and ColdFusion MX7 Standard.

Then you have more pressing security concerns; if the database server is on the same machine as the application server, it can't be effectively protected.

Dave Watts, CTO, Fig Leaf Software
http://www.figleaf.com/

Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:281111
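
The two-login setup described in the reply, sketched in T-SQL for SQL Server 2005 as an added example that is not part of the original message. The database name `AppDb`, the login names `cf_app_rw` and `cf_app_ro`, and the password placeholders are assumptions.

```sql
-- Added example. AppDb, cf_app_rw and cf_app_ro are hypothetical names;
-- replace the password placeholders with real secrets before running.
USE master;
GO
-- SQL-authenticated logins: one for pages that change data, one for read-only pages.
CREATE LOGIN cf_app_rw WITH PASSWORD = '<PLACEHOLDER-RW-PASSWORD>';
CREATE LOGIN cf_app_ro WITH PASSWORD = '<PLACEHOLDER-RO-PASSWORD>';
GO

USE AppDb;
GO
-- Map each login to a user in the application database only.
CREATE USER cf_app_rw FOR LOGIN cf_app_rw;
CREATE USER cf_app_ro FOR LOGIN cf_app_ro;
GO

-- SQL Server 2005 uses sp_addrolemember for role membership.
EXEC sp_addrolemember 'db_datareader', 'cf_app_rw';
EXEC sp_addrolemember 'db_datawriter', 'cf_app_rw';
EXEC sp_addrolemember 'db_datareader', 'cf_app_ro';
GO

-- Neither role grants DDL, so these users cannot DROP objects.
-- db_datawriter does include DELETE; if the application should be limited
-- to SELECT, UPDATE and INSERT, deny it explicitly (DENY overrides the role).
DENY DELETE TO cf_app_rw;
GO

-- Check: list the role memberships that were just granted.
SELECT r.name AS role_name, m.name AS member_name
FROM sys.database_role_members AS drm
JOIN sys.database_principals AS r ON r.principal_id = drm.role_principal_id
JOIN sys.database_principals AS m ON m.principal_id = drm.member_principal_id
WHERE m.name IN ('cf_app_rw', 'cf_app_ro')
ORDER BY m.name, r.name;

-- Check: list explicit grants and denies for the read/write user.
SELECT pr.name AS principal_name, pe.state_desc, pe.permission_name
FROM sys.database_permissions AS pe
JOIN sys.database_principals AS pr ON pr.principal_id = pe.grantee_principal_id
WHERE pr.name = 'cf_app_rw';
```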

