I would guess that the switch-box tool is not overriding any of the CF Admin settings. Maybe Joseph can chime in here.

At 03:53 PM 8/9/2004, you wrote:
Many of the drivers that CF uses also have their own hooks in the CFAdmin to disable all manner of database functionality and commands.
 
RC
 

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Jeffry Houser
Sent: Monday, August 09, 2004 3:49 PM
To: [EMAIL PROTECTED]
Subject: RE: [CFCDev] CFMX SQL Server Code Generation Tool
 

 Just guessing, but...
 I assume you have a username and password in the DSN? 
 Limit that username and password's access to the database.
 Does your web user really need 'admin' access to the db? 

 In SQL Server, you can remove the "delete access" to specific tables.  Some people remove all access to tables and force the user to interact w/ the tables using stored procedures or views. 
 
 You could also do something to protect the directory which you put the switch-box app in, but that wouldn't fix your underlying security problem.

 I thought that the Factory Service was only used by the switch-box tool to get the list of datasources, which has nothing to do w/ the security of those data sources. 

At 03:06 PM 8/9/2004, you wrote:

Mr. Flanigan or cf_mailing list......
 
    I have downloaded your tool and put it on our development server. Works fine. Only one problem: what stops others who access the tool from doing any damage to the tables or databases using stored procedures? We had tested the tool to see if one could delete info from a table, and we could, using an account with no privileges. Any information on this would be great, as Macromedia has nothing about factoryservices and how to disable or handle security. Thank you.
 
Frank Adams



--
Jeffry Houser, Web Developer, Writer, Songwriter, Recording Engineer
<mailto:[EMAIL PROTECTED]>
--
AIM: Reboog711  | Phone: 1-203-379-0773
--
My Books: <http://www.instantcoldfusion.com>
Recording Music: <http://www.fcfstudios.com>
Original Energetic Acoustic Rock: <http://www.farcryfly.com>
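
The database-side lockdown suggested in the reply above (a restricted account behind the DSN, no direct table access, stored procedures only), as an added T-SQL example that is not part of the original thread or the switch-box tool. All names (AppDb, cf_dsn_login, cf_dsn_user, app_exec_only, dbo.Orders, dbo.usp_GetOrder) are hypothetical, the table dbo.Orders is assumed to exist already, and the syntax assumes SQL Server 2012 or later.

```sql
-- Added example; every object name here is hypothetical. Run as a database administrator.
USE AppDb;
GO

-- Dedicated low-privilege login and user for the ColdFusion DSN,
-- instead of sa or a member of db_owner.
CREATE LOGIN cf_dsn_login WITH PASSWORD = '<placeholder-strong-password>';
CREATE USER cf_dsn_user FOR LOGIN cf_dsn_login;
GO

-- Grant through a role so the policy survives account changes.
CREATE ROLE app_exec_only;
ALTER ROLE app_exec_only ADD MEMBER cf_dsn_user;
GO

-- Remove all direct access to the table. DENY overrides any GRANT
-- the user might pick up from another role (for example public).
DENY SELECT, INSERT, UPDATE, DELETE ON dbo.Orders TO app_exec_only;
GO

-- The only supported path to the data: a reviewed, parameterized procedure.
-- It is owned by dbo, like the table, so ownership chaining lets it read
-- dbo.Orders even though the caller has no rights on the table itself.
CREATE PROCEDURE dbo.usp_GetOrder
    @OrderId int
AS
BEGIN
    SET NOCOUNT ON;
    SELECT OrderId, CustomerId, Total
    FROM dbo.Orders
    WHERE OrderId = @OrderId;
END;
GO

GRANT EXECUTE ON dbo.usp_GetOrder TO app_exec_only;
GO

-- Check the effective permissions while impersonating the DSN user.
EXECUTE AS USER = 'cf_dsn_user';
SELECT HAS_PERMS_BY_NAME('dbo.Orders', 'OBJECT', 'DELETE')        AS can_delete_table,
       HAS_PERMS_BY_NAME('dbo.Orders', 'OBJECT', 'SELECT')        AS can_select_table,
       HAS_PERMS_BY_NAME('dbo.usp_GetOrder', 'OBJECT', 'EXECUTE') AS can_exec_proc;
REVERT;
GO
```

Because ownership chaining skips the table permission check inside a procedure, any procedure the role can execute acts with its owner's rights on same-owner tables, so EXECUTE should be granted per procedure rather than on the whole schema.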
