Don't put the login info in the administrator, put it in the code? <cfquery datasource="myDSN" username="theusername" password="mypassword"> </cfquery>
..:.:.:.:.:.:.:.:.:.:. Bobby Hartsfield http://acoderslife.com http://cf4em.com -----Original Message----- From: Meghna Chopra [mailto:[EMAIL PROTECTED] Sent: Saturday, September 13, 2008 6:57 AM To: CF-Talk Subject: ColdFusion DSN Security I have security concern about ColdFusion DNSs. I have created a CF DSN for a MS SQL Database using CF Admin. When we create DSN it asks for username and password of the database. Now I can access this DSN in my scripts without database username & password so that means if I am on shared hosting server than I can access any of the database using DSN even without knowing the database username and password. All I need to know is the DSN name. and if I can do this than I can do anything with the database hosted on that server. I have tested it and I can confirm what I have mentioned. The thing is how can I avoid this? Any comments? ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;203748912;27390454;j Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:312501 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
