> I am setting up a website that will have three separate MySQL databases.
> Db1 is used in the public area, db2 is used in the value added area (a
> visitor is required to obtain a username and password), and db3 is where
> the staff maintain the website. From a security standpoint, does it make
> any difference if I create one database connection and call my queries as
> follows:
> <cfquery name="q1" dbname="db1" datasource="theConn">
> <cfquery name="q2" dbname="db2" datasource="theConn">
> <cfquery name="q3" dbname="db3" datasource="theConn">
>
> or would this be more secure (three separate connections):
>
> <cfquery name="q1" dbname="db1" datasource="Conn1">
> <cfquery name="q2" dbname="db2" datasource="Conn2">
> <cfquery name="q3" dbname="db3" datasource="Conn3">

Given the exact code above, the second approach would be more secure,
but this doesn't really have anything to do with datasources. Instead,
it's about logins - since you didn't specify a username and password
in CFQUERY, you've embedded the login credentials in the datasource.
The key is to use logins that have the minimal rights necessary, so
that if a login is compromised (by, say, an SQL injection attack) it
can't do anything beyond what it should be able to do.

> Also, which way would be faster?

In general, the first approach would perform better, since it could
reuse existing database connections more easily.

Dave Watts, CTO, Fig Leaf Software
http://www.figleaf.com/
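
Added example, not part of the original message: one way to set up the minimal-rights logins described above in MySQL, with one login per site area to be stored in Conn1, Conn2 and Conn3 respectively. The account names, the host name, the passwords and the choice of which statements each area needs are assumptions made for illustration; only db1, db2 and db3 come from the thread.

```sql
-- Added example. Account names, host and passwords are placeholders (assumptions).
-- Each login may only reach the one database its area uses, so a login
-- compromised through SQL injection cannot read or change the other two.

-- Public area (Conn1): read-only access to db1, nothing else.
CREATE USER 'site_public'@'app.example.internal' IDENTIFIED BY 'CHANGE_ME_1';
GRANT SELECT ON db1.* TO 'site_public'@'app.example.internal';

-- Value added area (Conn2): assumed to read and write member data in db2 only.
CREATE USER 'site_member'@'app.example.internal' IDENTIFIED BY 'CHANGE_ME_2';
GRANT SELECT, INSERT, UPDATE ON db2.* TO 'site_member'@'app.example.internal';

-- Staff area (Conn3): assumed to maintain content in db3.
-- No schema changes (CREATE/ALTER/DROP), no FILE, no GRANT OPTION.
CREATE USER 'site_staff'@'app.example.internal' IDENTIFIED BY 'CHANGE_ME_3';
GRANT SELECT, INSERT, UPDATE, DELETE ON db3.* TO 'site_staff'@'app.example.internal';

-- Check 1: each login should list USAGE plus exactly one per-database grant.
SHOW GRANTS FOR 'site_public'@'app.example.internal';
SHOW GRANTS FOR 'site_member'@'app.example.internal';
SHOW GRANTS FOR 'site_staff'@'app.example.internal';

-- Check 2: none of the three logins should hold global privileges.
-- Every *_priv column returned here should be 'N'.
SELECT User, Host, Select_priv, Insert_priv, File_priv, Super_priv, Grant_priv
FROM mysql.user
WHERE User IN ('site_public', 'site_member', 'site_staff');
```

With a single shared datasource (theConn), its one login would need the union of all three sets of rights, which is why the three-datasource layout is the safer of the two in the code quoted above.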


Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:324086