Ask a Question related to Macromedia ColdFusion, Design and Development.
-
sbsmithfl #1
Novice Q: security and application.cfm file
Greetings,
I am a low level cfmx programmer, trying to get smarter. I desire to get a
higher level of security, and ease of programming for my two clients. Until
now, I have been using dwmx to code queries on each page, inputing the dns
name, dsn username, dsn password each time. I'm certain there are easier
methods, and I have concocted this one (which I'm certain is not novel), and am
wondering if there is something undersireable about it:
1) In the application.cfm file, use cfset to establish the dsn name,
username, pass:
<cfset dsnname="namehere">
<cfset dsnusername="usernamehere">
<cfset dsnpass="passhere">
2) Then simply use
<cfquery name="Qnamehere" datasource="#dsnname#" username="#usernamehere#"
password="#passhere#">
....on each query location.
My question is,......is this easier?, is the application.cfm file secure
enough on a shared server to prevent this info from being accessible?, and is
there a better way?
Thanks for your help. Please remember that my ability is not great yet, and I
need things spelled out a little more.
Thanks,
Stephen
Tallahassee, FL
sbsmithfl Guest
-
Web Service and Application Security
My application software is deployed across two tiers; a WinForms workstation client and a Web Services layer. My application will require... -
Application Security
Hi All, I want to Identify the machine which will connect to my Web App so that I log it's transactions. I can not rely on the IP address since... -
Security Application Block
Anyone using the Security Application Block from the Enterprise Library? I have a rather embarassing situation where I've setup the database and... -
Setting up security on my web application
Hi all, My situation: - VB.net & Visual Studio 2002 - IIS 6.0 - Windows XP Pro (development) and Windows 2000 server (release) I created a... -
Re-architect application / security issue
I have an ASP.NET application that is currently split into 3 separate VS.NET projects. One project is the administration interface for creating... -
HairyDude #2 Re: Novice Q: security and application.cfm file
Hi,
yes, that is a better way to do it, as if anything changes you only have one
change in the application.cfm file to action. You cannot request
Application.cfm from the server, so it is secure, and the way most people work.
You may want to put the variables in the request scope though (or another
scope as appropriate). So you settings would be:-
<cfset request.dsnname="namehere">
<cfset request.dsnusername="usernamehere">
<cfset request.dsnpass="passhere">
<cfquery name="Qnamehere" datasource="#request.dsnname#"
username="#request.dsnusername#" password="#request.dsnpass#">
Hope that helps.
HairyDude Guest
-
Mike Greider #3 Re: Novice Q: security and application.cfm file
Do you have access to the administrator? If so, just put the username/password
in the dsn properties field. I would try to avoid putting sensitive
information, like passwords, in code. If there is a problem and someone can
figure out how to dump, like cfdump, your variables scope, your username and
password would be viewable.
So ... I'd just do everything in the administrator if possible. If not, you
can create a UDF with private (var) variables that contain the
username/password. Then create "getter" methods to access this information.
Then, inside of your cfquery, you can do something like this ...
<cfquery name="whatever" datasource="#dsnname#" username="#getDSNUsername()#"
password="#getDSNPassword()#">
Mike Greider Guest
Reply With QuoteSimilar Questions and Discussions
Posting Permissions
- You may not post new threads
- You may post replies
- You may not post attachments
- You may not edit your posts
