Hello,
I'm setting up a new environment and I would like to have the ability, through a web UI to copy objects from our production database (separate server) to a development/debugging database (separate server). My question is not about how to implement this but rather whether this is bad practice. It would involve exposing the production database on the dev server (via a datasource mapping in the cfadmin). This would mean that any developer that is using our dev server (my concern is contractors..) would be able to write a query against the production database and potentially download sensitive data. How to people handle this type of risk? One idea I had was to not hardcode the database username/password in the CFadmin and instead prompt for it when accessing this specific tool through the web UI. Does that sound like a reasonable means of protecting the data in the production database from developers working on the development server? Anybody have better ideas? Brook ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:349658 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
