Skip to main content
B
brown
Participant
October 28, 2011
Question

Datasource security

  • October 28, 2011
  • 2 replies
  • 736 views

We have a datasource that must read and write to a database.  The database contains secure information.  All team developers have access to the code and can see the datasource name which is a security concern.  We'd like to limit this to one or two developers.  Options we've considered are limiting access to the directory where the code is located so only a few will see the datasource name.  Anyone have any other ideas or know of other options within ColdFusion to secure?  Since the password is located in the CF administrator we wouldn't want any developer to write a snippet of code to read the information just by knowing the datasource name.

This topic has been closed for replies.

2 replies

J
JR__Bob__Dobbs
Inspiring
November 8, 2011

An alternate solution would be to use dummy data in your development enviroment and not grant developers access to production data.

Owainnorth
Owainnorth
Inspiring
October 29, 2011

If you need to control data at what is essentially the query level, then as far as I know there's only one way of doing it - add in an extra data layer.

Get your two trusted developers to create a separate site with a load of webservices that connect to your database, get the data (and *only* the data) they're after, and return it to them. That way your *untrusted* developers don't have access to the database at all.

You can't really limit access to directories or config files, because as soon as they have access to code they could write a quick CF page which scans the harddisk and reads the files - by its very nature CF *must* have read access to everything it needs. ColdFusion just doesn't have the concepts you're after really, so I'd say it's time to make it two different sites.

Terms & ConditionsAccessibility statement
Using the community Terms of use Privacy Cookie preferences Do not sell or share my personal information ad choicesAdChoices