Makes sense.  As a general rule, if you're following general best practices 
(code modularity, separation of data and views) it shouldn't contradict STIG 
guidelines, correct?  Or, put in another way, STIG wouldn't say "you have put 
all of your information into various, independent tables (for security 
reasons)" which would negate the purpose of a relational database.

STIG should be fairly common sense, correct?

> > Thanks for the insight.  I have a couple questions.  When you say
> > "roles" do you mean roles at the DB end?
> > We use Oracle, so roles mean something specific.  Or "roles" as in
> > user rights as determined by the
> > application (for example, a "front end" user and a "back end" user).
> 
> 
> The latter, although if you were using different datasources you could
> perhaps associate Oracle DB roles with these roles. I wouldn't
> recommend that approach, though.
> 
> > Encryption would happen at the webserver end, not necessarily
> > ColdFusion, correct?
> 
> Mostly, but not necessarily all of it. For example, you might want to
> encrypt files at rest - you'd do that in CF.
> 
> > As a general example, let's take a CFC that has a simple query that
> > returns records of a location's sales.
> > We would want to make that code reusable for various pages, so our
> > DSN can't be something specific like
> > FRONTEND_DSN or BACKEND_DSN.  Or do you mean to imply that two
> > different queries would have to be
> > used (using, literally, the same SQL) where one uses the
> > FRONTEND_DSN and another as BACKEND_DSN.
> 
> I don't think there's a hard-and-fast rule here, but it seems to me
> like you'd be ok if you simply handled queries that perform
> admin-specific tasks with a separate datasource. Queries that are used
> by both administrators and users could be handled by either
> datasource.
> 
> Dave Watts, CTO, Fig Leaf Software
> 1-202-527-9569
> http://www.figleaf.com/
> http://training.figleaf.com/
> 
> Fig Leaf Software is a Veteran-Owned Small Business (VOSB) on
> GSA Schedule, and provides the highest caliber vendor-authorized
> instruction at our training centers, online, or onsite.
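
One way to lay out the CFC discussed in this thread, as an added example that is not from either poster: the shared sales query takes its datasource from the caller, and the admin-specific task refuses to run on anything but the back-end datasource. The component, method, table and column names are hypothetical; only FRONTEND_DSN and BACKEND_DSN come from the thread, and the example assumes the database account behind FRONTEND_DSN has no UPDATE privilege on the table, which is the control that actually enforces the split.

```cfml
<!--- SalesGateway.cfc: added example; component, table and column names are hypothetical --->
<cfcomponent output="false">

    <!--- The caller supplies the datasource, so the SQL lives in one place. --->
    <cffunction name="init" access="public" returntype="any" output="false">
        <cfargument name="dsn" type="string" required="true">
        <!--- Accept only the two datasources this application defines. --->
        <cfif NOT listFindNoCase("FRONTEND_DSN,BACKEND_DSN", arguments.dsn)>
            <cfthrow type="SalesGateway.InvalidDSN" message="Unknown datasource name.">
        </cfif>
        <cfset variables.dsn = arguments.dsn>
        <cfreturn this>
    </cffunction>

    <!--- Shared query: used by both front-end and back-end pages. --->
    <cffunction name="getLocationSales" access="public" returntype="query" output="false">
        <cfargument name="locationId" type="numeric" required="true">
        <cfset var qSales = "">
        <cfquery name="qSales" datasource="#variables.dsn#">
            SELECT sale_id, sale_date, amount
            FROM   location_sales
            WHERE  location_id = <cfqueryparam value="#arguments.locationId#" cfsqltype="cf_sql_integer">
        </cfquery>
        <cfreturn qSales>
    </cffunction>

    <!--- Admin-specific task: runs only when the gateway was built on the back-end datasource. --->
    <cffunction name="voidSale" access="public" returntype="void" output="false">
        <cfargument name="saleId" type="numeric" required="true">
        <cfif variables.dsn NEQ "BACKEND_DSN">
            <cfthrow type="SalesGateway.NotAllowed" message="voidSale requires the back-end datasource.">
        </cfif>
        <cfquery datasource="#variables.dsn#">
            UPDATE location_sales
            SET    voided = 1
            WHERE  sale_id = <cfqueryparam value="#arguments.saleId#" cfsqltype="cf_sql_integer">
        </cfquery>
    </cffunction>

</cfcomponent>
```

A front-end page would build the gateway with `createObject("component", "SalesGateway").init("FRONTEND_DSN")` and an admin page with `init("BACKEND_DSN")`, so both reuse the same `getLocationSales` SQL.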
