> Well as I have all our servers locked down I can't actually check to see how > far you can get with the default configuration. > I know you can see everyone elses databases, and I'm sure you can also open > the database and view the tables. > Just because you cannot do this at CFD, does not mean it is not the default, > it could simply mean that CFD have done something different. > If you want to know why CT haven't done the same, you will need to ask them, > but I would presume they wimply don't know how or don't care. > At the end of the day, a shared SQL server cannot be considered secure > anyway. Especially as a lot of clients put their username/passwor dinto the > DSN , which means everyone else on the server can get into their database > anyway using CFQUERY.
1) Going with the "default" is no excuse for an ISP when it comes to security (if that's what has happend) 2) If a client puts their user/pass in the DSN, it's their own damn fault....not the ISP! (of course you'd still need the DSN to access anything via CFQUERY) Bryan Stevenson B.Comm. VP & Director of E-Commerce Development Electric Edge Systems Group Inc. phone: 250.480.0642 fax: 250.480.1264 cell: 250.920.8830 e-mail: [EMAIL PROTECTED] web: www.electricedgesystems.com ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Message: http://www.houseoffusion.com/lists.cfm/link=i:4:239869 Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4 Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4 Donations & Support: http://www.houseoffusion.com/tiny.cfm/54