Just guessing, but...
I assume you have a username and password in the DSN?
Limit that 'username and passwords' access to the database.
Does your web user really need 'admin' access to the db?
In SQL Server, you can remove the "delete access" to specific tables. Some people remove all access to tables and force the user to interact w/ the tables using stored procedures or views.
You could also do something to protect the directory which you put the switch-box app in, but that wouldn't fix your underlying security problem.
I thought that the Factory Service was only used by the switch-box tool to get the list of datasources, which has nothing to do w/ the security of those data sources.
At 03:06 PM 8/9/2004, you wrote:
Mr. Flanigan or cf_mailing list......
I have downloaded your tool and put it on our development server. Works fine. Only one problem, what stops others who access the tool from doing any damage to the tables or databases using stored procedures. We had tested the tool to see if one could delete info from a table and we could using an account with no privileges. Any information on this would be great as macromedia has nothing about factoryservices and how to disable or handle security. Thank you.
Frank Adams
- -----Original Message-----
Jeffry Houser, Web Developer, Writer, Songwriter, Recording Engineer
<mailto:[EMAIL PROTECTED]>
--
AIM: Reboog711 | Phone: 1-203-379-0773
--
My Books: <http://www.instantcoldfusion.com>
Recording Music: <http://www.fcfstudios.com>
Original Energetic Acoustic Rock: <http://www.farcryfly.com>
