From: Steve Nelson <[EMAIL PROTECTED]>
How about store the username/password in a variable that is
obtained
from some other place? so instead of doing this:
<cfquery username="blah" password="blah">
<cfquery username="#somevariable#" password="#somevariable#">
You would need to pull that variable from somewhere, maybe
from another
database, maybe from a file, that would be up to you. But
this would
keep the username/password out of your direct code and out of
the ODBC
driver.
Is that a step in the right direction?
Unfortunately, someone reading the coldfusion source could then
go to the file and read it - or write their own coldfusion page
to read the file.
Frankly, I don't even know how one could do this truly securely
OUTSIDE of ColdFusion let alone inside ColdFusion...
Something like use of ACLs to block the access to the web pages
to everyone except nobody (and root or whatever login id the
backups and restores look like) might be the best shot at locking
things down. It's just a real pain to deal with file by file
ACLs...
--
Larry W. Virden <URL: mailto:[EMAIL PROTECTED]>
<URL: http://www.purl.org/net/lvirden/>
Even if explicitly stated to the contrary, nothing in this
posting
should be construed as representing my employer's opinions.
------------------------------------------------------------------------------------------------
Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/
Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists or send a message
with 'unsubscribe' in the body to [EMAIL PROTECTED]
