> I'm getting around to moving to SQL server (finally) and am curious > about setting it up securely, in particular in relation to Cold > Fusion. I know I should setup a 'Cold Fusion' user, run the CF > service as that and allow that CF user access to SQL Server. But > what rights does that CF user need (or not need?).
Well, in my opinion, you're better off simply creating a "native" SQL login, then using that username and password for an individual application by placing it in the datasource. I'd recommend creating one for each database, and limiting the rights of each to the specific objects within the database that should be accessible from your application. Dave Watts, CTO, Fig Leaf Software http://www.figleaf.com/ voice: (202) 797-5496 fax: (202) 797-5444 ______________________________________________________________________ Why Share? Dedicated Win 2000 Server · PIII 800 / 256 MB RAM / 40 GB HD / 20 GB MO/XFER Instant Activation · $99/Month · Free Setup http://www.pennyhost.com/redirect.cfm?adcode=coldfusionc FAQ: http://www.thenetprofits.co.uk/coldfusion/faq Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/ Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists