Thanks Judah. Our DBAs want to eliminate the generic account that I have my datasources setup with. Like you mentioned, they want to control users access at the DB level. Does CF8 support passing users credentials using integrated security? I think my only option, like you mentioned is to handle the security at the application level but the generic account will still have to exist on the DB server.
>I think that Dave has basically answered your question but I'll toss >out the notion that if it was acceptable in your environment you could >do the same sort of permissions but at the application level instead >of the db. > >CF can do authentication with Active Directory via the CFLDAP tag. You >could fetch a list of permissions and then proxy the calls to the db >and only allow certain queries involving your sprocs and views to >people with sufficient privileges. > >Though it is functionally equivalent to what you are talking about, it >may be that they want the roles and permissions enforced down at the >SQL Server level. There are some good reasons to do so and then there >are some reasons that, well, that's just how an organization has >always done it and isn't changing now. > >Anyway, if you are investigating CF talking to Active Directory, start >with the CFLDAP tag. > >Take care, >Judah > > >> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Want to reach the ColdFusion community with something they want? Let them know on the House of Fusion mailing lists Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:323028 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4
