Just take a copy of the live database and remove all sensitive data from it. Either remove all data and replace it with demo data, or just run a query that replaces the sensitive data with something else.

On Sat, Jan 28, 2012 at 10:15 PM, Mike Chabot <[email protected]> wrote:

> Putting production data source connections on the development server
> is a practice you should avoid. I cringe whenever I see developers do
> this.
>
> Having the development DSN on the production server is less risky.
> Another path would be having the two databases linked at the database
> level and use database code to copy objects between servers, possibly
> triggered by a command issued by a Web UI. Database security is easier
> to control at the database level, and you wouldn't have to expose the
> production dsn on the dev Web server.
>
> I can't think of too many examples where you would want to copy
> production data to development using a ColdFusion Web GUI. I use
> specialized database tools or scripts, with no UI, when transferring
> database data between environments. If you really need this ability
> through a ColdFusion application, then having a password prompt is a
> bit better than using an embedded password.
>
> -Mike Chabot
>
> On Sat, Jan 28, 2012 at 4:02 PM, Brook Davies <[email protected]> wrote:
> >
> > Hello,
> >
> > I'm setting up a new environment and I would like to have the ability,
> > through a web UI to copy objects from our production database (separate
> > server) to a development/debugging database (separate server). My question
> > is not about how to implement this but rather whether this is bad practice.
> > It would involve exposing the production database on the dev server (via a
> > datasource mapping in the cfadmin).
> >
> > This would mean that any developer that is using our dev server (my concern
> > is contractors..) would be able to write a query against the production
> > database and potentially download sensitive data. How do people handle this
> > type of risk?
> >
> > One idea I had was to not hardcode the database username/password in the
> > CFadmin and instead prompt for it when accessing this specific tool through
> > the web UI. Does that sound like a reasonable means of protecting the data
> > in the production database from developers working on the development
> > server?
> >
> > Anybody have better ideas?
> >
> > Brook
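
The "copy the live database and replace the sensitive data" approach from the top reply, as an added example that is not part of the original thread. It assumes SQLite and a hypothetical two-table schema with constructed rows; the `SENSITIVE` column inventory and all function names are illustrative.

```python
import hashlib, hmac, secrets, sqlite3

# Hypothetical inventory of sensitive columns; a real schema needs its own.
SENSITIVE = {"customers": ["name", "email", "phone"], "orders": ["ship_email"]}

def pseudonym(key, value):
    # Keyed and deterministic: equal inputs map to equal tokens, so joins survive.
    return "x" + hmac.new(key, value.encode(), hashlib.sha256).hexdigest()[:16]

def constructed_prod():
    # Constructed sample data standing in for the live database.
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE customers (id INTEGER PRIMARY KEY, name TEXT, email TEXT, phone TEXT);
        CREATE TABLE orders (id INTEGER PRIMARY KEY, customer_id INTEGER, ship_email TEXT);
        INSERT INTO customers VALUES (1, 'Ann Example', 'ann@example.test', '555-0100'),
                                     (2, 'Bob Example', 'bob@example.test', NULL);
        INSERT INTO orders VALUES (10, 1, 'ann@example.test'), (11, 2, 'bob@example.test');
    """)
    return db

def sanitized_copy(prod, key):
    # Work on a copy only; the live database is read, never modified.
    dev = sqlite3.connect(":memory:")
    prod.backup(dev)
    dev.create_function("pseudonym", 1,
                        lambda v: None if v is None else pseudonym(key, str(v)))
    for table, cols in SENSITIVE.items():  # names come from the fixed map above
        for col in cols:
            dev.execute(f"UPDATE {table} SET {col} = pseudonym({col})")
    dev.commit()
    return dev

def leaked_values(prod, dev):
    # Any original sensitive value still present in the copy blocks the hand-off.
    leaks = []
    for table, cols in SENSITIVE.items():
        for col in cols:
            before = {r[0] for r in prod.execute(f"SELECT {col} FROM {table}")} - {None}
            after = {r[0] for r in dev.execute(f"SELECT {col} FROM {table}")}
            leaks += sorted(before & after)
    return leaks

if __name__ == "__main__":
    prod = constructed_prod()
    # Per-run key, discarded afterwards so tokens cannot be checked against guesses.
    dev = sanitized_copy(prod, secrets.token_bytes(32))
    print("leaks:", leaked_values(prod, dev))
    print(dev.execute("SELECT * FROM customers").fetchall())
```

Run the sanitising step where the production credentials already live and ship only the resulting copy to the development server, so the production DSN never has to be configured there.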

