>> What are the security risks for using a datasource that 
>> connects to that remote database? Isn't the username and 
>> password passed to that database unencrypted? Wouldn't this 
>> be a huge security risk?
>
>Generally, yes, this could be a very large security risk. Most database
>connections are unencrypted by default, so it would be fairly trivial to
>pluck logins from the traffic if you had access to either endpoint, or to a
>network used by either endpoint.
>
>The way you deal with this is the way you deal with any similar problem -
>use adequate encryption. This may range from SSL (which is supported by SQL
>Server, but I haven't set that up with CF) to a VPN tunnel.
>
>> Are there any documented cases in which the username and 
>> password have been sniffed allowing the hacker to log in to 
>> the remote database?
>
>I can't point to any offhand, but I would certainly assume that it's been
>done, since it's simple to do. I would also argue that the knowledge that
>this is easy to do would require you to use encryption simply to meet due
>diligence requirements.
>
>Dave Watts, CTO, Fig Leaf Software
>http://www.figleaf.com/
>

Hi Dave, Thanks for your reply.

Aren't there the same security risks when using SQL Server Management Studio 
Express to log in to a remote SQL Server? Doesn't just about everyone use this 
when logging into a hosted SQL Server? 

Archive: 
http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:293800