This is my standard practice for ALL CF templates (except index.cfm in my
non-standard Fusebox style).
best, paul
At 08:30 AM 6/7/01 -0400, you wrote:
> you might
>consider moving all CFQUERYs into include files and storing the include
>files somewhere that's not web-accessible.
~~~
If on a shared server, and the server is not set up to use sandboxes to keep
different users from using each other's datasources, then putting the
userid/pwd in your .cfm files will better protect you from other users of
the server (assuming CFFILE is turned off). If sandboxes are in place, I
thi
Bud:
One recommended fix is:
WHERE ID = #VAL(URL.ID)#
best, paul
At 03:43 PM 6/6/01 -0400, you wrote:
> >Not necessarily true. Lets say you have a cfm page called test.cfm that
> >recieves an id via a url param and then selects data from it using select *
> >from where id= #id#. If I knew
On 6/6/01, Andy Ewings penned:
>Not sure I follow this?! How are they going to run a query against the db
>using ftp?
Well, if they can get in, they could put a file with a query into the
directory. Then load it in a browser.
> >A. You wouldn't be able to access the database without actually
:[EMAIL PROTECTED]]
Sent: 06 June 2001 15:30
To: CF-Talk
Subject: RE: Which SQL ODBC Login method?
On 6/6/01, Mark Warrick penned:
>My opinion is that using the CF Administrator to setup the username and
>password is the most secure way to do this for the very reason you pointed
>out - peop
On Wed, 06 Jun 2001 06:57:23 -0700, "Mark Warrick" <[EMAIL PROTECTED]> wrote:
>My opinion is that using the CF Administrator to setup the username and
>password is the most secure way to do this for the very reason you pointed
>out - people might be able to crack open the code and get that userna
On 6/6/01, Mark Warrick penned:
>My opinion is that using the CF Administrator to setup the username and
>password is the most secure way to do this for the very reason you pointed
>out - people might be able to crack open the code and get that username and
>password. You should be worried about
My opinion is that using the CF Administrator to setup the username and
password is the most secure way to do this for the very reason you pointed
out - people might be able to crack open the code and get that username and
password. You should be worried about other people on your shared box, not
8 matches
Mail list logo