Best Practice question about database access between Dev and Production Servers
Hello, I'm setting up a new environment and I would like to have the ability, through a web UI, to copy objects from our production database (separate server) to a development/debugging database (separate server). My question is not about how to implement this but rather whether this is bad practice. It would involve exposing the production database on the dev server (via a datasource mapping in the cfadmin). This would mean that any developer that is using our dev server (my concern is contractors..) would be able to write a query against the production database and potentially download sensitive data. How do people handle this type of risk? One idea I had was to not hardcode the database username/password in the CFadmin and instead prompt for it when accessing this specific tool through the web UI. Does that sound like a reasonable means of protecting the data in the production database from developers working on the development server? Anybody have better ideas? Brook
Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:349658 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: Best Practice question about database access between Dev and Production Servers
Putting production data source connections on the development server is a practice you should avoid. I cringe whenever I see developers do this. Having the development DSN on the production server is less risky. Another path would be having the two databases linked at the database level and use database code to copy objects between servers, possibly triggered by a command issued by a Web UI. Database security is easier to control at the database level, and you wouldn't have to expose the production dsn on the dev Web server. I can't think of too many examples where you would want to copy production data to development using a ColdFusion Web GUI. I use specialized database tools or scripts, with no UI, when transferring database data between environments. If you really need this ability through a ColdFusion application, then having a password prompt is a bit better than using an embedded password. -Mike Chabot
Re: Best Practice question about database access between Dev and Production Servers
Just take a copy of the live database and remove all sensitive data from it. Either remove all data and replace with demo data, or just run a query that replaces the sensitive data with something else.
RE: Best Practice question about database access between Dev and Production Servers
Generally, it is pretty bad practice to copy production data to any other network. You would most definitely not pass a SaaS 70 audit if they found that you were doing it. You would also not pass the same audit if they found that all of your developers had direct access to that data without going through permission granting hoops. That said, you may not have a need to worry about it if your data isn't really that sensitive in the first place. In which case, I think domain authentication would be the better way to govern the access. When people leave or contracts expire, the removal of their domain accounts would cover removing the DB access. Otherwise, you may find yourself managing the accounts individually for everything or changing the password every time someone leaves. Another option, which Russ mentioned, is scrubbing the data before copying it down to the dev network. Of course, you'd want to do that on the production network BEFORE copying it down to the other network. I have seen people do the scrubbing AFTER the move... which is kind of pointless. Just some things to think about. Bobby Hartsfield http://acoderslife.com http://cf4em.com
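The scrub-before-copy order described in this thread, as an added example that is not code from any poster: the copy, the scrub and a leak check all run on the production side, and only the verified SQL dump goes to dev. SQLite, the `customers` table, the scrub rules and the sample rows are assumptions constructed for illustration.

```python
import sqlite3

# Columns to overwrite, per table, as SQL expressions. These are trusted
# constants (never user input); names are assumptions for the sample schema.
SCRUB_RULES = {
    "customers": {
        "full_name": "'Customer ' || id",
        "email": "'user' || id || '@example.invalid'",
        "card_number": "NULL",
    },
}


def build_production():
    """Constructed stand-in for the production database."""
    prod = sqlite3.connect(":memory:")
    prod.executescript(
        """
        CREATE TABLE customers (
            id INTEGER PRIMARY KEY, full_name TEXT, email TEXT,
            card_number TEXT, plan TEXT);
        INSERT INTO customers VALUES
            (1, 'Ada Example', 'ada@corp.test', '4111111111111111', 'gold'),
            (2, 'Bob Sample', 'bob@corp.test', '5500000000000004', 'free');
        """
    )
    return prod


def scrubbed_export(prod):
    """Copy, scrub and verify on the production side; return SQL for dev."""
    staging = sqlite3.connect(":memory:")  # stays on the production network
    prod.backup(staging)

    secrets = set()
    for table, rules in SCRUB_RULES.items():
        # Remember the real values so the export can be checked for leaks.
        for row in prod.execute(f"SELECT {', '.join(rules)} FROM {table}"):
            secrets.update(str(v) for v in row if v is not None)
        assignments = ", ".join(f"{c} = {expr}" for c, expr in rules.items())
        staging.execute(f"UPDATE {table} SET {assignments}")
    staging.commit()

    # Export live rows as SQL rather than shipping the database file, whose
    # free pages can still hold the pre-scrub values.
    dump = "\n".join(staging.iterdump())
    leaked = [s for s in secrets if s in dump]
    if leaked:
        raise RuntimeError(f"{len(leaked)} sensitive value(s) survived scrubbing")
    return dump


def load_into_dev(dump):
    """What the dev network receives: only the scrubbed dump."""
    dev = sqlite3.connect(":memory:")
    dev.executescript(dump)
    return dev
```

The dev server never holds a production DSN or credential in this flow; it only receives the output of `scrubbed_export`.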
Access database - Access Problem
Hi All, I am trying to read an Access database that is in a shared folder on our network. When I try to set up a DSN I get this error:
Connection verification failed for data source: Elms []java.sql.SQLException: [Macromedia][SequeLink JDBC Driver][SequeLink Server]Required user name is missing. The root cause was that: java.sql.SQLException: [Macromedia][SequeLink JDBC Driver][SequeLink Server]Required user name is missing.
If I use the default database username I get the following:
Connection verification failed for data source: Elms []java.sql.SQLException: [Macromedia][SequeLink JDBC Driver][ODBC Socket][Microsoft][ODBC Microsoft Access Driver] The Microsoft Jet database engine cannot open the file '(unknown)'. It is already opened exclusively by another user, or you need permission to view its data. The root cause was that: java.sql.SQLException: [Macromedia][SequeLink JDBC Driver][ODBC Socket][Microsoft][ODBC Microsoft Access Driver] The Microsoft Jet database engine cannot open the file '(unknown)'. It is already opened exclusively by another user, or you need permission to view its data.
The database is not opened by another user? My Windows username has access to that share, I tried having ColdFusion log on as me to do the task but that didn't work either. The database also does not have a user name or password. What am I doing wrong? Mike
RE: Access database - Access Problem
From: Mickael
> I am trying to read an access database that is in a shared folder on our network. When I try to set up a DSN I get this error Connection verification failed for data source: Elms []java.sql.SQLException: [Macromedia][SequeLink JDBC Driver][SequeLink Server]Required user name is missing. The root cause was that: java.sql.SQLException: [Macromedia][SequeLink JDBC Driver][SequeLink Server]Required user name is missing.
Check a couple of things:
1) Nobody has it in design mode on a table you're trying to use - that causes MAJOR problems in Access
2) The username and password are in the DSN settings and your CFQUERY
Access is awfully picky about being used as a server database, mainly because it's not designed to be used for that - it's a desktop application and likes doing that...
Re: Access database - Access Problem
Hi Philip, I am the only one working on the database, too early for anyone else :). The database did not have a user name or password assigned to it. Is there a default password that Access assigns?
RE: Access database - Access Problem
From: Mickael
> I am the only one working on the database, too early for anyone else :). The database did not have a user name or password assigned to it. Is there a default password that Access assigns?
Not Access, but the datasource username and password in the CFAdmin
Just in case these are wrong - although it's been quite a few years since I've used Access as a datasource, so I'm going from memory here
Re: Access database - Access Problem
What is strange is that it works fine on CF5 and only errors on CFMX.
RE: Access database - Access Problem
> I am trying to read an access database that is in a shared folder on our network.
If the CFMX service is running as SYSTEM, it won't be able to see network shares. You'll need to run CFMX as a user with permissions to network resources.
Dave Watts, CTO, Fig Leaf Software http://www.figleaf.com/ phone: 202-797-5496 fax: 202-797-5444
SQL 7 Database Access From Solaris Version of CF
We are evaluating how our websites run on NT versus Solaris. What do I need on the CF/Solaris side to connect with my NT/SQL7 Database? I tried using the Merant default MSSQL Driver and it can verify the datasource but it does not get any data and throws errors when the page is executed. Any Help? Thanks Robert Forsyth Director of Web Operations Irides, LLC Phone: 202-364-7831 Fax: 202-364-2481
RE: Database access problem
If you're using Win98 there is a fix at the Allaire site that might fix the problem. -- Tim Bahlke thinkcreate.com P: 336.230.0575
RE: Database access problem
I am not sure, but I think your problem lies in the CF Server. There you will have to go to the CF ADMINISTRATOR and then go to basic security. Here you will be having 2 options, out of which one will be "Use a ColdFusion Studio Password"; uncheck this. Hope this helps you
Database access problem
Hi! My problem is that when I try to access my database from the Studio 4.5 resource tab, in localhost, I get an error message "the connection to the server cannot be established". Server Enterprise is running and the test installation is OK. Please, help! Thanks in advance.
RE: Database access problem
Have you installed the Microsoft Data Access software? (see http://www.microsoft.com/data). Also, have you already set up your ODBC connections?
Database Access
I am designing a system where users log in to see data and can update, add and delete the data. What I was wondering is whether or not it is possible to tell which user id has edited the database. For instance, is it possible for a user to access the database according to his/her user id and password rather than using the default user id and password given by the ColdFusion server? Or is it possible to write directly to the logs on the database itself with the user name and password of the user who has done the update etc.? Any help will be greatly appreciated, Thanks in advance, Mark Jones [EMAIL PROTECTED]
Re: Database Access
Mark, What I would do is add a column in the table to store the identity of the user who updates the relative row. When the user first accesses the site, get them to log in and then you can hold an account, or you could just set a cookie with a unique ID. Then when adding to the database just throw that unique ID into the new column. If you set up an account with user's details on it you can put that in a different table which gives their unique ID as a key so you'll be able to cross reference it later on. Hope this helps Taz
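The column-plus-accounts-table approach from this thread, as an added example that is not code from either poster; it goes one step further with a trigger-fed audit table to cover the question about logging inside the database. SQLite, the `users`/`orders`/`audit_log` names and the `session` dict are assumptions, and the user ID is taken from the server-side login session rather than a client-supplied value, because the shared datasource login hides the real user from the database.

```python
import sqlite3

# Constructed schema: one shared DB login, so attribution is an app-set column.
SCHEMA = """
CREATE TABLE users (user_id INTEGER PRIMARY KEY, login TEXT UNIQUE NOT NULL);
CREATE TABLE orders (
    order_id   INTEGER PRIMARY KEY,
    status     TEXT NOT NULL,
    updated_by INTEGER NOT NULL REFERENCES users(user_id));
CREATE TABLE audit_log (
    log_id     INTEGER PRIMARY KEY AUTOINCREMENT,
    order_id   INTEGER NOT NULL,
    old_status TEXT,
    new_status TEXT,
    changed_by INTEGER NOT NULL,
    changed_at TEXT DEFAULT CURRENT_TIMESTAMP);
-- Every update is logged by the database itself, whoever issued it.
CREATE TRIGGER orders_audit AFTER UPDATE ON orders
BEGIN
    INSERT INTO audit_log (order_id, old_status, new_status, changed_by)
    VALUES (OLD.order_id, OLD.status, NEW.status, NEW.updated_by);
END;
"""


def open_db():
    """Create the sample database with two accounts and one row to edit."""
    conn = sqlite3.connect(":memory:")
    conn.execute("PRAGMA foreign_keys = ON")  # reject unknown user IDs
    conn.executescript(SCHEMA)
    conn.executemany("INSERT INTO users VALUES (?, ?)", [(1, "mark"), (2, "taz")])
    conn.execute("INSERT INTO orders VALUES (100, 'new', 1)")
    conn.commit()
    return conn


def update_status(conn, session, order_id, status):
    """Apply an edit on behalf of the logged-in user held in `session`."""
    user_id = session.get("user_id")  # set at login, kept server-side
    if user_id is None:
        raise PermissionError("not logged in")
    with conn:  # commit on success, roll back on error
        cur = conn.execute(
            "UPDATE orders SET status = ?, updated_by = ? WHERE order_id = ?",
            (status, user_id, order_id),
        )
    return cur.rowcount


def history(conn, order_id):
    """Cross-reference the audit rows against the accounts table."""
    return conn.execute(
        """SELECT u.login, a.old_status, a.new_status
           FROM audit_log a JOIN users u ON u.user_id = a.changed_by
           WHERE a.order_id = ? ORDER BY a.log_id""",
        (order_id,),
    ).fetchall()
```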