Dave's approach is correct for security within a database.

Because CF factory can see all the DSNs, it is very possible on untrusted servers to still access those DSNs, which may have greater privileges.


At 01:36 PM 8/9/2004, you wrote:
> Mr. Flanigan or cf_mailing list......
>
>     I have downloaded your tool and put it on our development
> server. Works fine. Only one problem: what stops others who
> access the tool from doing any damage to the tables or
> databases using stored procedures? We had tested the tool to
> see if one could delete info from a table and we could using
> an account with no privileges. Any information on this would
> be great as Macromedia has nothing about factoryservices and
> how to disable or handle security. Thank you.

Well, I'm not Mr. Flanigan, but you should secure your production SQL Server
database by creating unprivileged SQL logins that don't have rights to do
those sorts of things. This is a basic element of database security. I'm
pretty certain you won't be able to delete info from a table, or run
inappropriate stored procedures, with an account lacking the necessary
privileges.

Dave Watts, CTO, Fig Leaf Software
http://www.figleaf.com/
phone: 202-797-5496
fax: 202-797-5444

----------------------------------------------------------
You are subscribed to cfcdev. To unsubscribe, send an email
to [EMAIL PROTECTED] with the words 'unsubscribe cfcdev'
in the message of the email.

CFCDev is run by CFCZone (www.cfczone.org) and supported
by Mindtool, Corporation (www.mindtool.com).

An archive of the CFCDev list is available at www.mail-archive.com/[EMAIL PROTECTED]

-----------------------------------------------------------------------
http://www.switch-box.org/CFSQLTool/Download/

Switch_box                      MediaFirm, Inc.
www.Switch-box.org              Loveland, CO  USA
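
The unprivileged-login approach discussed in this thread, sketched as an added T-SQL example that is not part of the original messages. It assumes SQL Server 2005 or later syntax, and the names AppDb, cf_app_reader, dbo.Orders and dbo.usp_GetOrders are hypothetical. The last query covers the point about DSNs with greater privileges by listing database users that sit in broad roles.

```sql
-- Added example. All object and login names are hypothetical.
-- 1. Create a login for the ColdFusion DSN with no server-level roles.
USE master;
CREATE LOGIN cf_app_reader
    WITH PASSWORD = '<replace-with-generated-secret>', CHECK_POLICY = ON;
GO

-- 2. Map it into the application database and grant only what the
--    application needs: read one table, run one stored procedure.
USE AppDb;
CREATE USER cf_app_reader FOR LOGIN cf_app_reader;
GRANT SELECT  ON OBJECT::dbo.Orders        TO cf_app_reader;
GRANT EXECUTE ON OBJECT::dbo.usp_GetOrders TO cf_app_reader;
-- Caveat: EXECUTE on a procedure lets the caller do whatever that
-- procedure does (ownership chaining), so grant EXECUTE only on
-- procedures whose bodies have been reviewed.
GO

-- 3. Verify effective rights by impersonating the user.
--    HAS_PERMS_BY_NAME returns 1 when the permission is held, 0 when not.
EXECUTE AS USER = 'cf_app_reader';
SELECT
    HAS_PERMS_BY_NAME('dbo.Orders', 'OBJECT', 'SELECT') AS can_select,
    HAS_PERMS_BY_NAME('dbo.Orders', 'OBJECT', 'DELETE') AS can_delete,
    HAS_PERMS_BY_NAME('dbo.Orders', 'OBJECT', 'ALTER')  AS can_alter,
    HAS_PERMS_BY_NAME('dbo.usp_GetOrders', 'OBJECT', 'EXECUTE') AS can_exec;
-- Full list of what this user can do at database scope:
SELECT permission_name
FROM sys.fn_my_permissions(NULL, 'DATABASE');
REVERT;
GO

-- 4. Audit: every DSN visible on the server is reachable, so look for
--    database users that are members of broad fixed roles.
SELECT r.name AS role_name, m.name AS member_name, m.type_desc
FROM sys.database_role_members AS drm
JOIN sys.database_principals  AS r ON r.principal_id = drm.role_principal_id
JOIN sys.database_principals  AS m ON m.principal_id = drm.member_principal_id
WHERE r.name IN ('db_owner', 'db_datawriter', 'db_ddladmin',
                 'db_securityadmin', 'db_accessadmin')
ORDER BY r.name, m.name;
GO
```

Run step 4 in each database that a ColdFusion DSN points at, and compare the members it returns with the logins configured in those DSNs.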
