Here are some of the issues that I am asked about with regard to Unix
and use of ColdFusion:

Developers often resist having database user ids and passwords embedded
into ColdFusion admin databases. This is not secure (since the ColdFusion
admin now has info that they may, in fact, not be cleared to see).
What are the alternatives for passing owner and password on through to
the underlying database (such as Oracle, etc.)?

If one DOES embed the user id/password, then one still has to implement
some sort of security mechanism, since the .cfm files need to be readable
by user "nobody" if the web server is running in the default configuration.
What practices help one prevent making modified versions of the .cfm pages
and accessing the data?

Sometimes a solution is implemented where one runs the www server as
a specific userid.  However, this results in an increasing number of
servers, which then one has to administrate, deal with upgrades, hangs, etc.

Are there some articles addressing these issues and detailing some
best practices?
-- 
Never apply a Star Trek solution to a Babylon 5 problem.
Larry W. Virden <mailto:[EMAIL PROTECTED]> <URL: http://www.purl.org/NET/lvirden/>
Even if explicitly stated to the contrary, nothing in this posting should 
be construed as representing my employer's opinions.
-><-