How about store the username/password in a variable that is obtained
from some other place? so instead of doing this:
<cfquery username="blah" password="blah">
<cfquery username="#somevariable#" password="#somevariable#">
You would need to pull that variable from somewhere, maybe from another
database, maybe from a file, that would be up to you. But this would
keep the username/password out of your direct code and out of the ODBC
driver.
Is that a step in the right direction?
Steve
"Larry W. Virden" wrote:
>
> Okay - bear with me here folk!
>
> Imagine one has a database (for example Oracle) which requires a user id
> and password to access. Now, imagine writing an application to let joe
> user to look up and insert info into this table. HOWEVER, we do not
> want to generally publish the user id and password; we want the coldfusion
> app as the 'gateway' into the table.
>
> So far, so good.
>
> However, because of the gateway issue, hard coding the userid and password
> into the cfm files is out - the cfm files are in general accessible by
> someone browsing the directories.
>
> The database itself is sensitive enough that the owner does not want the
> userid and password put into the ColdFusion admin area either...
>
> If you had to write an app where the database userid and password:
> could not be hard coded,
> could not be put into the admin area,
> could not be entered via prompting
> what approach would you use? Putting it into a file - encrypted or not -
> doesn't work; the files are readable and so someone could just copy them
> and build their own 'pseudo' app that accesses the data, right?
>
> Looking for 'outside the box' possible solutions.
>
> If it helps, the platform for the server is SPARC Solaris.
> --
> Never apply a Star Trek solution to a Babylon 5 problem.
> Larry W. Virden <mailto:[EMAIL PROTECTED]> <URL: http://www.purl.org/NET/lvirden/>
> Even if explicitly stated to the contrary, nothing in this posting should
> be construed as representing my employer's opinions.
> -><-
>
>------------------------------------------------------------------------------------------------
> Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/
> Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists or send a message
>with 'unsubscribe' in the body to [EMAIL PROTECTED]
--
Steve Nelson
http://www.SecretAgents.com
Tools for Fusebox Developers
------------------------------------------------------------------------------------------------
Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/
Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists or send a message
with 'unsubscribe' in the body to [EMAIL PROTECTED]
