James, Exactly right. Also, I might add that if the server gets rooted and they get partial access to the file system, hard coding your DB login becomes an immediate target. Bad idea in any circumstance.
Phil -----Original Message----- From: James Holmes [mailto:[EMAIL PROTECTED] Sent: Sunday, March 06, 2005 2:05 AM To: CF-Talk Subject: RE: CFQUERY accessing MS SQL DB on another CF server In fact, without sandboxing, it is trivial to write a CF template to get the raw code of everyone else's CF templates to get their usernames and passwords; since in this case the datasource is now written in the code, you don't even have to guess it. In other words, if your host doesn't sandbox, don't expect any security at all. -----Original Message----- From: James Holmes Sent: Sunday, 6 March 2005 3:19 To: CF-Talk Subject: RE: CFQUERY accessing MS SQL DB on another CF server Unless they are using sandboxing on CF Enterprise, like ay decent ISP should. -----Original Message----- From: S. Isaac Dealey [mailto:[EMAIL PROTECTED] Sent: Sunday, 6 March 2005 3:23 To: CF-Talk Subject: RE: CFQUERY accessing MS SQL DB on another CF server [snip] Many shared hosting providers don't include the username / password in the DSN definition in the CF Admin (forcing you to use them in your code) because that would allow anyone with a hosting account to theoretically access another one of their client's databases by guessing the DSN. Which could be a particularly dangerous thing if the DSN names happen to be formulaic. [snip] ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Logware (www.logware.us): a new and convenient web-based time tracking application. Start tracking and documenting hours spent on a project or with a client with Logware today. Try it for free with a 15 day trial account. http://www.houseoffusion.com/banners/view.cfm?bannerid=67 Message: http://www.houseoffusion.com/lists.cfm/link=i:4:197608 Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4 Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4 Donations & Support: http://www.houseoffusion.com/tiny.cfm/54
