This content has been marked as final. Show 4 replies
> datasource name, he could write a CF form to read/write these data in Oracle,
> right ?
Only if the person has access to the file system on your CF server. If
they DO, then that's a bigger security problem than someone finding out the
name of your DSN.
If you are using a dedicated server, then the risk is minimal. If you are using a shared server, then your concern is very valid as your only security is keeping the DSN secret which can be difficult because I have seen at least two ways to basically pull a directory of DSN's and I don't know if sandbox techniques can prevent this (someone else might know better).
On a shared environment, I believe sandboxing will fix this.
Thank you !
Could you tell me more about it (or send me to the source) ??