I prefer to pass the db username/password on the url
in plain text format with every page request.
--- "McCollough, Alan" <[EMAIL PROTECTED]> wrote:
> I don't explicitly set the db username/password at
> the CFQUERY; instead, I
> set it purely at the CF Admin page.
>
> Ya know, I'm beginning to think everything is a
> security risk; its just a
> question of how much of a risk do you wanna accept.
>
> Alan McCollough
> Web Programmer
> Allaire Certified ColdFusion Developer
> Alaska Native Medical Center
>
> > -----Original Message-----
> > From: Bud [SMTP:[EMAIL PROTECTED]]
> > Sent: Tuesday, January 30, 2001 6:21 PM
> > To: Fusebox
> > Subject: RE: Security Warning Update
> >
> > On 1/30/01, Marc Funaro penned:
> > >Where should one set the usernames and passwords
> for databases -- in the
> > >ODBC connection on CF Server? I thought that was
> a security risk too...
> > >{redacted}
> > I'm curious about that also.
> > -- {redacted}
> > Unsubscribe:
> http://www.houseoffusion.com/index.cfm?sidebar=lists
>
>
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Structure your ColdFusion code with Fusebox. Get the official book at
http://www.fusionauthority.com/bkinfo.cfm
Archives: http://www.mail-archive.com/[email protected]/
Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
