> Here is the code: Secure or not so secure? (No vpn or ssh tunnel, traffic is right over the internet via SSL 2048bit between two CF 8 Servers)
My first reaction is don't do it, find a better way, but if you must pass an arbitrary query across the Internet and get a result set then you're going in the right direction. The connection will be secured by SSL before the request headers get sent, so you shouldn't need to worry about anyone sniffing the requests and seeing the URL or the password that's being passed along with the request.

My next issue would be to restrict the ability to process requests to known sources, and you've got a piece of that in there to only process if coming from a known IP, so you're on the right track. I would keep that check in the code and also add it to the webserver itself so that any request for the URL coming from an unknown source won't even make it to the CF server. The extra layer couldn't hurt, especially given the nature of the component.

Ideally you would write some stored procs on the receiving server and execute those with the parameters being passed in rather than passing the whole query through, but I don't know what your situation is to know whether that's feasible or not.

-Justin
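The stored-procedure approach from the reply above, combined with the in-code source check, as an added example that is not part of the original post or the poster's code. The component name, the allowlisted address, the datasource `reportsDSN`, the operation name and the procedure `usp_OrdersByCustomer` are all assumptions made for illustration.

```cfml
<!--- remoteReport.cfc: added example; every name in this file is hypothetical --->
<cfcomponent output="false">

    <!--- Constructed allowlist: address of the calling CF server (documentation range) --->
    <cfset variables.allowedIPs = "203.0.113.10">

    <!--- Public operation name mapped to a stored procedure on the receiving server --->
    <cfset variables.procs = structNew()>
    <cfset variables.procs["ordersByCustomer"] = "usp_OrdersByCustomer">

    <cffunction name="run" access="remote" returntype="query" output="false">
        <cfargument name="operation" type="string" required="true">
        <cfargument name="customerId" type="numeric" required="true">

        <cfset var result = "">

        <!--- Second layer behind the web server's own restriction on this URL --->
        <cfif NOT listFind(variables.allowedIPs, cgi.remote_addr)>
            <cfthrow type="Security.Denied" message="Request refused.">
        </cfif>

        <!--- Only operations named in the map can run; no SQL text is accepted --->
        <cfif NOT structKeyExists(variables.procs, arguments.operation)>
            <cfthrow type="Security.UnknownOperation" message="Request refused.">
        </cfif>

        <!--- The caller supplies a typed value, never a query string --->
        <cfstoredproc procedure="#variables.procs[arguments.operation]#" datasource="reportsDSN">
            <cfprocparam type="in" cfsqltype="cf_sql_integer" value="#arguments.customerId#">
            <cfprocresult name="result">
        </cfstoredproc>

        <cfreturn result>
    </cffunction>

</cfcomponent>
```

Because the caller can only name an operation and supply a typed parameter, a request that gets past both IP checks is still limited to the procedures listed in the map.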

