On 7/25/02, Stacy Young penned:
>Ah ok now I get it! ;-)
>
>As for whether you'd have any problems, not sure, give it a whirl! Another
>suggestion might be to use a dedicated userid/pass for that datasource. Also
>I wouldn't necessarily keep users' passwords in these tables...For most
>occasions I've found that the userid only would suffice...after a person is
>logged in just check for the presence of the userid in the client scope.

I just manually created a client.user variable and logged myself in 
to a test application by going to the application and checking the 
cfid and cftoken cookies that were set. I had to use INSERT, but it 
worked easily. So, allowing only Stored Procedures (of which there 
aren't any) should prevent this.

<cfset data = "HITCOUNT=2##LASTVISIT=#CreateODBCDateTime(now())###TIMECREATED=#CreateODBCDateTime(now())###">

<CFQUERY DATASOURCE="myclientdatabase">
INSERT INTO CGLOBAL
(cfid,data,lvisit)
VALUES
('988:7118230','#data#',#CreateODBCDateTime(now())#)
</CFQUERY>

<CFQUERY DATASOURCE="myclientdatabase">
INSERT INTO CDATA
(cfid,app,data)
VALUES
('988:7118230','oogagy','USER=budman##')
</CFQUERY>

>
>The easiest fix at the moment though would probably be a dedicated
>user/pass.

How would you do that with a client storage datasource? I'd also have 
to create a dedicated client database for each site. I just use a 
single database as the default storage.
-- 

Bud Schneehagen - Tropical Web Creations

_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/
ColdFusion Solutions / eCommerce Development
[EMAIL PROTECTED]
http://www.twcreations.com/
954.721.3452
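
Added example, not part of the original post and not ColdFusion's own code: a Python model of the "is a userid present in the client scope" check next to a variant that rejects a row written straight into the client-storage table. The HMAC tagging scheme, APP_SECRET, the function names and the simplified NAME=value# parser are assumptions made for illustration.

```python
import hashlib
import hmac

# Assumption: a per-application secret held in server-side code or config,
# never in the client-storage database itself.
APP_SECRET = b"constructed-example-secret"


def parse_client_data(data):
    """Parse 'NAME=value#NAME=value#' as stored in the data column in the post.
    Simplified: assumes values contain no '#'."""
    out = {}
    for pair in data.split("#"):
        name, sep, value = pair.partition("=")
        if sep:
            out[name.upper()] = value
    return out


def sign_user(userid, cfid):
    """Value to store in client.user at login: userid plus a tag bound to cfid."""
    msg = f"{cfid}|{userid}".encode()
    return f"{userid}|{hmac.new(APP_SECRET, msg, hashlib.sha256).hexdigest()}"


def logged_in_presence_only(data):
    """The check from the thread: any USER value counts as logged in."""
    return parse_client_data(data).get("USER") or None


def logged_in_verified(data, cfid):
    """Accept USER only if its tag verifies for this cfid."""
    userid, sep, tag = parse_client_data(data).get("USER", "").rpartition("|")
    if not sep or not userid:
        return None  # untagged value, e.g. a row inserted by hand
    expected = sign_user(userid, cfid).rpartition("|")[2]
    ok = hmac.compare_digest(tag.encode(), expected.encode())
    return userid if ok else None


CFID = "988:7118230"                                # cfid column value from the post
FORGED_ROW = "USER=budman#"                         # what the post's INSERT stores
GENUINE_ROW = f"USER={sign_user('budman', CFID)}#"  # constructed sample

if __name__ == "__main__":
    print(logged_in_presence_only(FORGED_ROW))    # presence check accepts it
    print(logged_in_verified(FORGED_ROW, CFID))   # tag check rejects it
    print(logged_in_verified(GENUINE_ROW, CFID))  # real login still works
```

Binding the tag to the cfid value also means a genuine row copied under a different cfid fails the check.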