On 7/25/02, Stacy Young penned:
>Ah ok now I get it! ;-)
>
>As for whether you'd have any problems, not sure, give it a whirl! Another
>suggestion might be to use a dedicated userid/pass for that datasource. Also
>I wouldn't necessarily keep users' passwords in these tables...For most
>occasions I've found that the userid only would suffice...after a person is
>logged in just check for the presence of the userid in the client scope.

I just manually created a client.user variable and logged myself in to a test application by going to the application and checking the cfid and cftoken cookies that were set. I had to use INSERT, but it worked easily. So, allowing only Stored Procedures (of which there aren't any) should prevent this.

<cfset data = "HITCOUNT=2##LASTVISIT=#CreateODBCDateTime(now())###TIMECREATED=#CreateODBCDateTime(now())###">

<CFQUERY DATASOURCE="myclientdatabase">
INSERT INTO CGLOBAL (cfid,data,lvisit)
VALUES ('988:7118230','#data#',#CreateODBCDateTime(now())#)
</CFQUERY>

<CFQUERY DATASOURCE="myclientdatabase">
INSERT INTO CDATA (cfid,app,data)
VALUES ('988:7118230','oogagy','USER=budman##')
</CFQUERY>

>
>The easiest fix at the moment though would probably be a dedicated
>user/pass.

How would you do that with a client storage datasource? I'd also have to create a dedicated client database for each site. I just use a single database as the default storage.
-- 

Bud Schneehagen - Tropical Web Creations
ColdFusion Solutions / eCommerce Development
[EMAIL PROTECTED]
http://www.twcreations.com/
954.721.3452
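
Added example, not part of the original thread or of ColdFusion itself: a Python sketch of an application-side check that stops trusting the mere presence of USER in the client-storage row and instead requires a keyed MAC bound to the cfid and application name. The NAME=VALUE# row format is inferred from the INSERT in the post; `USERSIG`, `APP_SECRET` and the function names are hypothetical.

```python
import hashlib
import hmac

# Hypothetical per-application secret; it lives in application code or
# config, never in the shared client-storage database.
APP_SECRET = b"constructed-demo-secret"


def parse_client_data(data):
    """Parse a CDATA.data value of the form NAME=VALUE#NAME=VALUE#.

    Format inferred from the post; assumes values contain no '#'.
    """
    fields = {}
    for pair in data.split("#"):
        name, sep, value = pair.partition("=")
        if sep:
            fields[name.upper()] = value
    return fields


def sign_user(cfid, app, user, secret=APP_SECRET):
    """MAC binding a userid to one CFID:CFTOKEN pair and one app name."""
    msg = "\x1f".join((cfid, app, user)).encode("utf-8")
    return hmac.new(secret, msg, hashlib.sha256).hexdigest()


def logged_in_user(cfid, app, data, secret=APP_SECRET):
    """Return the userid only if the row carries a valid USERSIG, else None."""
    fields = parse_client_data(data)
    user, sig = fields.get("USER"), fields.get("USERSIG")
    if not user or not sig:
        return None
    expected = sign_user(cfid, app, user, secret)
    ok = hmac.compare_digest(expected.encode("ascii"), sig.encode("utf-8"))
    return user if ok else None


# Constructed sample rows, reusing the cfid and app name from the post.
CFID, APP = "988:7118230", "oogagy"
FORGED = "USER=budman#"  # what the post's INSERT stores (## is an escaped #)
GENUINE = "USER=budman#USERSIG=%s#" % sign_user(CFID, APP, "budman")
OTHER_CFID = "123:4567890"  # constructed: genuine row copied to another cfid

if __name__ == "__main__":
    print(logged_in_user(CFID, APP, FORGED))         # row without a signature
    print(logged_in_user(CFID, APP, GENUINE))        # row written at real login
    print(logged_in_user(OTHER_CFID, APP, GENUINE))  # signature tied to old cfid
```

The check only helps if the secret is unreadable to other users of the shared datasource; it complements, rather than replaces, restricting who can write to the client tables.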