I restrict access at the CF level.... I get the page from the directory path... and if the file begins with "_" then I throw an error.
....................... Ben Nadel Web Developer Nylon Technology 6 West 14th Street New York, NY 10011 212.691.1134 212.691.3477 fax www.nylontechnology.com "Vote for Pedro" -----Original Message----- From: Stan Winchester [mailto:[EMAIL PROTECTED] Sent: Friday, December 16, 2005 8:32 AM To: CF-Talk Subject: Re: Required DSN Username & Password Ben, Thanks for the suggestion! Are you restricting the file access at the web server level, or in CF? If in CF, are you testing for the file name in CGI scope to deny access? >We store ours in a CF struct: > >DSN = StructNew(); >DSN.Source = "" >DSN.Username = "" >DSN.Password = "" > > >And then we use that in the queries. We put that in a file that starts with >an "_" and then we deny any access to files that start with an "_" so people >can access it by some means. > >My boss is a stickler for security and he is cool with it. Just make sure >you never dump it out to screen anywhere and you should be good. We have >never had a problem. > >You could maybe go further if you are worried and make then private >variables inside a DSN coldfusion component. That way, they wouldn't even be >able to be seen in a dump. Then use getters for values: DSN.GetSource(), >DSN.GetPassword(), etc. > >But that is probably overkill. > >...................... >Ben Nadel >Web Developer >Nylon Technology >6 West 14th Street >New York, NY 10011 >212.691.1134 >212.691.3477 fax >www.nylontechnology.com > >"Vote for Pedro" > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Logware (www.logware.us): a new and convenient web-based time tracking application. Start tracking and documenting hours spent on a project or with a client with Logware today. Try it for free with a 15 day trial account. http://www.houseoffusion.com/banners/view.cfm?bannerid=67 Message: http://www.houseoffusion.com/lists.cfm/link=i:4:227157 Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4 Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4 Donations & Support: http://www.houseoffusion.com/tiny.cfm/54
