> I have a question about internet security and using a remote
> datasource.
>
> What it boils down to is the nature of how a hacker would intercept
> traffic. Could they intercept all traffic from a specific site?
>
> My situation is this: I want to write sensitive information
> to a remote datasource using <cfquery DBSERVER=...>, and that
> info will be in transit, and thus able to be intercepted. So,
> if I did a series of updates, would that solve the problem,
> or would someone be able to piece them together. Example:
>
> <cfquery dbserver="x"... name="insertquery">
> SET NOCOUNT ON
> INSERT INTO User (FName, LName, Address)
> VALUES ('Bob', 'Smith', '123 Fake St')
> SELECT @@Identity AS NewID
> </cfquery>
>
> <cfquery dbserver="x"... >
> UPDATE User
> SET SSN = '123456789'
> WHERE UserID = #INSERTQUERY.NewID#
> </cfquery>
>
> Since this is 2 separate transactions, someone seeing either
> one would do them no good, but both would be a disaster (for me).
>
> So, am I on the right track? Should this work or should I look into
> securing this connection?

If by "remote datasource" you mean that you're connecting to databases
across the public Internet, I'd recommend that you encrypt the entire
connection - anyone able to read part of the connection data would be able
to read all of it.

SQL Server, for example, has the ability to encrypt client-server
connections. I don't know how secure that is, but it's probably more secure
than plaintext. Ideally, you'd create a VPN-type connection between servers,
to encrypt all communication between those servers.

Even better, though, from a performance standpoint, would be to move the
database and web servers to a shared private physical network. Doing queries
across the Internet is going to provide relatively poor performance.

Dave Watts, CTO, Fig Leaf Software
http://www.figleaf.com/
voice: (202) 797-5496
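
The reply's point that anyone who can read part of the connection can read all of it, shown as an added example that is not part of the original thread: both statements and the returned identity value cross the same unencrypted connection, so the key that links them is on the wire too. The message list is a constructed, simplified text model of the traffic (not SQL Server's actual wire format), the identity value 4711 is made up, and `reassemble` is a hypothetical name.

```python
import hashlib
import re

# Constructed sample: what is visible on one unencrypted client-to-database
# connection, modelled as plain text (two requests and one result row).
CAPTURED = [
    ("request", "SET NOCOUNT ON INSERT INTO User (FName, LName, Address) "
                "VALUES ('Bob', 'Smith', '123 Fake St') SELECT @@Identity AS NewID"),
    ("response", "NewID=4711"),
    ("request", "UPDATE User SET SSN = '123456789' WHERE UserID = 4711"),
]

# Stand-in for the same traffic inside an encrypted tunnel: each payload is
# replaced by opaque hex (a hash here, only to model unreadable bytes).
OPAQUE = [(d, hashlib.sha256(t.encode()).hexdigest()) for d, t in CAPTURED]

INSERT_RE = re.compile(r"INSERT INTO (\w+) \(([^)]*)\)\s+VALUES \(([^)]*)\)", re.I)
UPDATE_RE = re.compile(r"UPDATE (\w+)\s+SET (\w+) = '([^']*)'\s+WHERE UserID = (\d+)", re.I)
IDENTITY_RE = re.compile(r"NewID=(\d+)")


def reassemble(messages):
    """Rebuild full rows from statements that were sent separately."""
    rows, pending = {}, None
    for direction, text in messages:
        if direction == "request" and (m := INSERT_RE.search(text)):
            # Sample values contain no commas, so a plain split is enough here.
            cols = [c.strip() for c in m.group(2).split(",")]
            vals = [v.strip().strip("'") for v in m.group(3).split(",")]
            pending = dict(zip(cols, vals))
        elif direction == "response" and pending is not None and (m := IDENTITY_RE.search(text)):
            # The identity returned to the client is the join key.
            rows[int(m.group(1))] = pending
            pending = None
        elif direction == "request" and (m := UPDATE_RE.search(text)):
            # The UPDATE repeats that key in its WHERE clause.
            rows.setdefault(int(m.group(4)), {})[m.group(2)] = m.group(3)
    return rows


if __name__ == "__main__":
    print("plaintext connection:", reassemble(CAPTURED))
    print("encrypted connection:", reassemble(OPAQUE))
```

Splitting the write into two statements changes nothing for a reader of the plaintext connection, while the encrypted stand-in yields no rows at all.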