> What's the best way to secure a database against access from other
> applications? I know you can specify the username and password in the
> datasource admin, but that allows other apps to use the datasource..
> Specifying the username and password in the <cfquery> tag seems the best way
> to go, but that doesn't seem to work..

Not sure as to the best way, but we use this method and it works

1. Create SQL Server 7 database
2. Create a login account for the application that's going to read
from/write to that database
3. Give that account the required permissions and access to that database
4. Go to the box that the site is going to be hosted on
5. Set up a SQL Server DSN from that machine to the SQL box
6. In the ODBC DSN settings, specify that it uses a SQL Server login (not
NT) and provide the username/password combo for the account you previously
created.
7. Also, click on Client Configuration and make sure it's using TCP/IP and
not Named Pipes (the default, I think)
8. Test the datasource connects successfully
9. Go into the ColdFusion Administrator on the same box
10. Click on ODBC
11. Click on the DSN you've just created
12. Click on CF Settings
13. Enter the username and password into the username and password fields
and update
14. Your queries should now be just referring to
DATASOURCE="#YourDSNVarHere#"

As you mentioned, all users now have access to the login account by just
referring to the DSN. Not sure how to combat this.

The alternative is to do everything described above without doing the CF
Administrator bit. Then you have to add USERNAME="" and PASSWORD="" in all
your CFQUERY tags.

But then if someone peeks at your templates (or Application.cfm if you set
it globally there), you've also given them access to your database.

Each method seems to have its vulnerabilities. Maybe someone else could
advise... ?


-- 
Aidan Whitehall <[EMAIL PROTECTED]>
Netshopper UK Ltd
Advanced Web Solutions & Services

http://www.netshopperuk.com/
Telephone +44 (01744) 648650
Fax +44 (01744) 648651
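
Steps 2 and 3 of the procedure above, written as T-SQL for SQL Server 7 (an added example, not part of the original message). The database, table, procedure, login and role names are constructed for illustration, and the password is a placeholder.

```sql
-- Added example: ShopDemo, Orders, usp_AddOrder, shop_app and shop_app_role
-- are constructed names. Run as a sysadmin in Query Analyzer or osql.
CREATE DATABASE ShopDemo
GO
USE ShopDemo
GO
CREATE TABLE dbo.Orders (
    OrderID  int IDENTITY(1,1) PRIMARY KEY,
    Customer varchar(100) NOT NULL,
    Total    money NOT NULL
)
GO
CREATE PROCEDURE dbo.usp_AddOrder
    @Customer varchar(100),
    @Total    money
AS
    INSERT INTO dbo.Orders (Customer, Total) VALUES (@Customer, @Total)
GO

-- Step 2: a SQL Server login used by this one application only.
-- Replace the placeholder password before running.
EXEC sp_addlogin @loginame = 'shop_app',
                 @passwd   = '<REPLACE_WITH_STRONG_PASSWORD>',
                 @defdb    = 'ShopDemo'
GO

-- Step 3: map the login into this database only, with no fixed roles
-- (not db_owner, not db_datareader/db_datawriter).
EXEC sp_grantdbaccess 'shop_app', 'shop_app'
EXEC sp_addrole 'shop_app_role'
EXEC sp_addrolemember 'shop_app_role', 'shop_app'
GO

-- Grant only what the application's queries need. Writes go through the
-- procedure, so the role gets no direct INSERT/UPDATE/DELETE on the table.
GRANT SELECT ON dbo.Orders TO shop_app_role
GRANT EXECUTE ON dbo.usp_AddOrder TO shop_app_role
GO

-- Check the result: list the permissions held by the role.
EXEC sp_helprotect NULL, 'shop_app_role'
GO
```

With the account scoped this way, another application that reaches the same DSN, or someone who reads the password out of a template, gets only the rights listed by `sp_helprotect`, not ownership of the database.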
