It really should not be possible to query the database without a username/password. The only way this is possible is if
a) the login is in the DSN b) guest access has been allowed on the db without a login c) windows authentication is used and you are connecting as the coldfusion service user If this is a shared host and then it wont be b or c, so I suggest you double check A If you do not have access for the cfadmin, then you could try changing the database password, which will stop the DSN login working. On Fri, Nov 12, 2010 at 6:37 PM, Jacob Munson <yacoub...@gmail.com> wrote: > n > I haven't tried this, but I wonder if you could create a user that has > 0 privileges. Maybe just give it read rights on tempdb, but nothing > else. And then put that into your data source. So it's a valid user, > but it can't access the sensitive databases. > > On Fri, Nov 12, 2010 at 11:21 AM, Doug Ford <doug.e.f...@gmail.com> wrote: > > > > I am trying to add a level of security that if someone was able to access > the server and upload a file to read the SQL tables, I wanted to make sure > that without the proper password, a cfquery without a u/n & p/w, would fail > in the attempt. > > > > It's just all for security. > > > > > >>Is there a reason why you don't want to put the correct UN/PW into the > >>data source? > >> > >> > >>> > > > > > > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:339156 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
