It's usually not hard to guess someone's DSN, it's usually the sitename or
something similar, and if createobject is enabled on the server, you can
grab all the DSNs from the service factory anyway.

Snake

-----Original Message-----
From: Bryan Stevenson [mailto:[EMAIL PROTECTED] 
Sent: 09 May 2006 00:09
To: CF-Talk
Subject: Re: Big SQL security hole at Crystaltech?



1) Going with the "default" is no excuse for an ISP when it comes to
security (if that's what has happened)

2) If a client puts their user/pass in the DSN, it's their own damn
fault....not the ISP! (of course you'd still need the DSN to access anything
via CFQUERY)

Bryan Stevenson B.Comm.
VP & Director of E-Commerce Development
Electric Edge Systems Group Inc.
phone: 250.480.0642
fax: 250.480.1264
cell: 250.920.8830
e-mail: [EMAIL PROTECTED]
web: www.electricedgesystems.com 



