On Wed, 06 Jun 2001 06:57:23 -0700, "Mark Warrick" <[EMAIL PROTECTED]> wrote:
>My opinion is that using the CF Administrator to setup the username and
>password is the most secure way to do this for the very reason you pointed
>out - people might be able to crack open the code and get that username and
>password. You should be worried about other people on your shared box, not
>the administrator.
>
>You have to assume that your system administrators aren't going to steal
>your secrets. Besides, they don't need your username and password. They
>can access all the databases on the SQL server anyway.
This is something I have often wondered about - the ISPs I deal with have
insisted on having the username and password in the cfquery code rather than
in the ODBC setup. If this is so insecure, why are they doing it that way?
Are there any other security concerns? Or are they just stoopid?
K.
______________________________________________________
Kay Smoljak - ColdFusion Developer - PerthWeb Pty Ltd
Internet Solutions for your business!
Level 9/105 St George's Tc - Perth - Western Australia
Ph: (08) 9226 1366 Fax: (08) 9226 1375 Mobile : 0419 949 007
Visit Perth online! : www.perthweb.com.au
Tools for developers: http://developer.perthweb.com.au
-- cfx_pwimageproc: image processing tool
-- cfx_pwcardcrypt: credit card validation and encryption
Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/
Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
