I thought I replied to this before, but I guess it got lost... I do not
secure my datasources on the code level as would be the case of
specifying usernam/password in <cfquery>. I either create a db user with
rights only for that application or I create application roles (sql
server). I also only ever use stored procedures and then I lock down
either the db user or application role to only be able to use stored
procs.
I don't know what dbms you're using, but I use sql server and that's how
I would do it.
Mark
-----Original Message-----
From: Darryl Lyons [mailto:[EMAIL PROTECTED]]
Sent: Thursday, September 06, 2001 11:44 PM
To: CF-Talk
Subject: Username/password attribs on CFQUERY
Has anyone got any thoughts on what the implications are for using
username/password attribs in the CFQUERY tag. Obviously on a shared
environment do not want to be placing a username/password on the actual
datasource..
Any other ways of securing datasources?
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Your ad could be here. Monies from ads go to support these lists and provide more
resources for the community. http://www.fusionauthority.com/ads.cfm
FAQ: http://www.thenetprofits.co.uk/coldfusion/faq
Archives: http://www.mail-archive.com/[email protected]/
Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
