Hello Guys,
My DSN doesn't currently require a username and password, just the DSN will
do. Now I've read a few 'best practices' and security type documents in the
past and they've always stated that my DSN should require a username and
password to keep it nice and secure.
Now, my database
Absolutely. I'm not a security hawk and tend not to get too out of
control with locking things down, but I do like to create a user with
only those privileges required to execute the application
functionality (and, of course, only the database or databases required
by the app). I then supply
Also, I find putting passwords in every cfquery -- potentially then hundreds of
occurrances throughout your code -- is less secure than having it appear once
as in a password protected webform.
Mik
At 08:00 AM 3/14/2007, Rob Wilkerson wrote:
Absolutely. I'm not a security hawk and tend
:50
To: CF-Talk
Subject: Re: Password Protect My DSN
Also, I find putting passwords in every cfquery -- potentially then hundreds
of occurrances throughout your code -- is less secure than having it appear
once as in a password protected webform.
Mik
At 08:00 AM 3/14/2007, Rob Wilkerson
One of the reasons to password protect your DSN in code vs administrator is on
a shared host the ability for someone to compromise your administrator if the
host isn't diligent about it. Another reason is to not allow someone else on
your virtual host to maliciously access you data source
Message-
From: Dana Kowalski [mailto:[EMAIL PROTECTED]
Sent: 14 March 2007 14:15
To: CF-Talk
Subject: Re: Password Protect My DSN
One of the reasons to password protect your DSN in code vs administrator is
on a shared host the ability for someone to compromise your administrator if
the host
6 matches
Mail list logo