Matt, thank you very much. I really just needed to understand if there was any way at the application scope from the front end.
Just as a quick clarification, I'm not setting the datasource directly in the bluedragon.xml file. I have a settings.xml file which has many site/app specific data points one of them is config data for the datasource. I setting the data source for the session using the "DataSourceCreate" function. This method appears to be working really well. It's my goal to deploy my app without the admin api, this will help ensure application configuration (for me :-) ) Thanks again, Charlie On Jun 13, 10:45 am, Matthew Woodward <[email protected]> wrote: > On Sun, Jun 13, 2010 at 9:00 AM, Skellington <[email protected]> wrote: > > Am I being overly paranoid, is this > > variable accessible in some way with Firebug etc? > > I'm assuming you're setting application.settings.db.password, right? Is > there a reason you're storing that value in your application scope as > opposed to just using the datasource name in your application? That way the > db password wouldn't have to be in your code anywhere. > > I'd have to ponder this a bit but I don't see how there'd be any way to get > at that value from the front end unless you're dumping it. > > You may be aware of this already, but if you set the datasource via the > admin console it does get encrypted. Off the top of my head I don't know > what the encryption scheme is and how that all works, but would it be > possible for you to set datasources via the admin API CFCs instead of > modifying the XML file directly? > > I suppose it might also be possible to encrypt the database password using > the same mechanism the engine itself uses to encrypt database passwords and > put the encrypted value in the XML, but I don't know if you'd somehow to > have tell the engine the value is encrypted. I'd have to dig into that part > of the OpenBD codebase to see how that works. > > Another concern that comes up in this context is access to the XML config > file. So it's clear, since the XML file itself is under WEB-INF it isn't web > accessible, so any information in the XML file itself can't be browsed. > > I'll try to dig around and see about the encryption, but I don't see how > you'd run into any issues. > > -- > Matthew Woodward > [email protected]http://blog.mattwoodward.com > identi.ca / Twitter: @mpwoodward > > Please do not send me proprietary file formats such as Word, PowerPoint, > etc. as attachments.http://www.gnu.org/philosophy/no-word-attachments.html -- Open BlueDragon Public Mailing List http://www.openbluedragon.org/ http://twitter.com/OpenBlueDragon online manual: http://www.openbluedragon.org/manual/ mailing list - http://groups.google.com/group/openbd?hl=en
