I have a tool that will read the registry and pull the datasources on the machine the tool is on.
The tool will check for the registry and if the registry tag is disabled it will give you a text box to manually type in a datasource. Then the tool will act like a simplified version of Enterprise Manager. If anyone wants the code I will zip it and make it available from my site. This tool works in IE5 and up ONLY. -- Clint Tredway ---------------------------------- Through Him, anything is possible. > hey guys, i just thought about this, and it's making me feel uneasy > about using shared SQL server. > > ok, i did a test hack on a live server. > > As you know in SQL Enterprise, you're able to see the database names > of other people sharing the SQL server. and by looking at the names > you can probably guess what they named their DSN. I got lucky, and > nabbed one. I pulled out the table names from sysobjects. Then > pulled out the field names from a "very desirable" table using > columnlist, then was able to pull out data! I was appalled! Because > my DSNs are named after my site and anyone could have just done with > I've done, but with a different intent. > > But the only way they will get that far is if they know the DSN. And > to prevent that would be to never us an obvious DSN. name it > something like "Hys72hs"!!!!! > > I had that fear in my mind way from the beginning, but I had thought > that the DSN only works if it is being requested from a certain > site!!! > > and also, can someone tell me how many webHosts turn off the > CFREGISTRY tag? Or if any host even have it on at all? I attempted > to retrieve the DATAsource names from using that tag, but good thing > this host turned it off. > > Also, please let me know of any coldfusion hacks you guys might > know. This is, of course, so you and I can have better security! > > > > > > ______________________________________________________________________ Structure your ColdFusion code with Fusebox. Get the official book at http://www.fusionauthority.com/bkinfo.cfm FAQ: http://www.thenetprofits.co.uk/coldfusion/faq Archives: http://www.mail-archive.com/[email protected]/ Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
