ColdFusion application and security problem

New Here, Jul 11, 2006

Hi!
I have an application working with an Oracle DB. I defined the datasource in the Application.cfm file and use it everywhere as an application variable. It seems that this could create a security problem: if somebody finds out the datasource name, he could write a CF form to read/write this data in Oracle, right? It does not matter that only authorized users have access to the database through the application.
Has anybody solved this before? How do I protect the datasource?
Thanks a lot in advance,
Gary.

LEGEND, Jul 11, 2006

> datasource name, he could write a CF form to read/write these data in Oracle,
> right ?

Only if the person has access to the file system on your CF server. If
they DO, then that's a bigger security problem than someone finding out the
name of your DSN.

--
Adam

Advocate, Jul 12, 2006

If you are using a dedicated server, then the risk is minimal. If you are using a shared server, then your concern is very valid, as your only security is keeping the DSN secret, which can be difficult because I have seen at least two ways to basically pull a directory of DSNs, and I don't know if sandbox techniques can prevent this (someone else might know better).

Explorer, Jul 12, 2006

On a shared environment, I believe sandboxing will fix this.

New Here, Jul 12, 2006

Thank you!
Could you tell me more about it (or send me to the source)?
Gary.
