Tim Blair wrote:
>
> As for using the security of your DB instead of application-based
> security - in my opinion this is possibly *less* secure - it means that
> anyone with a login for your webapp automatically has a direct login for
> your database server!

Which is of course set up to only allow connections from the web
server, regardless of the credentials offered. Layer after layer
after layer :-)

> A few pointers I use when thinking about the security of CF web apps:
>
> 1. Make sure CF server is suitably locked down - e.g.:

Compared to this, the rest is probably insignificant. The total
number of compromised sites/servers based on weaknesses in the OS
and webserver is probably a magnitude larger than the number of
exploited sites/servers based on anything that can be influenced
by CF code/setup.

Jochem

--
I don't get it
immigrants don't work
and steal our jobs
     - Loesje
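The two layers the thread argues about, written out as an added example (not from either poster's message). It assumes MySQL/MariaDB GRANT syntax, a hypothetical web server address 10.0.0.5, a database called appdb and a single account webapp; the placeholders are constructed for illustration.

```sql
-- Layer 1 (Jochem's point): the database only accepts the application
-- account from the web server's address. A stolen password offered from
-- any other host is refused before the password is even checked.
CREATE USER 'webapp'@'10.0.0.5' IDENTIFIED BY '<strong-password-placeholder>';

-- Least privilege: the web application gets only the statements it needs
-- on its own schema, never administrative rights on the server.
GRANT SELECT, INSERT, UPDATE, DELETE ON appdb.* TO 'webapp'@'10.0.0.5';

-- Layer 2 (Tim's point): end users of the web application are rows in an
-- application table, not database logins. They never hold DB credentials,
-- so a webapp account does not double as a direct login to the DB server.
CREATE TABLE appdb.app_user (
    id            INT UNSIGNED NOT NULL AUTO_INCREMENT PRIMARY KEY,
    username      VARCHAR(64)  NOT NULL UNIQUE,
    password_hash VARCHAR(255) NOT NULL,   -- salted hash, never plaintext
    role          VARCHAR(32)  NOT NULL DEFAULT 'member',
    created_at    TIMESTAMP    NOT NULL DEFAULT CURRENT_TIMESTAMP
);

-- Quick check of what the server will actually accept for the account:
SHOW GRANTS FOR 'webapp'@'10.0.0.5';
```

The host part of the account name is what enforces the "only from the web server" rule; a wildcard host ('webapp'@'%') would give up that layer, so it is worth confirming with SHOW GRANTS that no such account exists alongside the restricted one.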