We have a datasource that must read and write to a database. The database contains secure information. All team developers have access to the code and can see the datasource name which is a security concern. We'd like to limit this to one or two developers. Options we've considered are limiting access to the directory where the code is located so only a few will see the datasource name. Anyone have any other ideas or know of other options within ColdFusion to secure? Since the password is located in the CF administrator we wouldn't want any developer to write a snippet of code to read the information just by knowing the datasource name.
If you need to control data at what is essentially the query level, then as far as I know there's only one way of doing it - add in an extra data layer.
Get your two trusted developers to create a separate site with a load of webservices that connect to your database, get the data (and *only* the data) they're after, and return it to them. That way your *untrusted* developers don't have access to the database at all.
You can't really limit access to directories or config files, because as soon as they have access to code they could write a quick CF page which scans the hard disk and reads the files - by its very nature CF *must* have read access to everything it needs. ColdFusion just doesn't have the concepts you're after really, so I'd say it's time to make it two different sites.
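One way to build the narrow data service the reply above describes, as an added example that is not code from the thread. The component, datasource, table, column and token names are hypothetical, and `application.dsn` and `application.serviceToken` are assumed to be set in the service site's own Application.cfc.

```cfml
<!--- CustomerService.cfc: deployed only on the separate data-service site. --->
<!--- Every name here (component, table, columns, token) is hypothetical. --->
<cfcomponent output="false">

    <cffunction name="getCustomerSummary" access="remote" returntype="struct"
                returnformat="json" output="false">
        <cfargument name="customerId" type="numeric" required="true">
        <cfargument name="callerToken" type="string" required="true">

        <cfset var q = "">
        <cfset var result = { found = false }>

        <!--- Reject callers that do not present the token configured on this site
              (assumed to be set in this site's Application.cfc). --->
        <cfif compare(arguments.callerToken, application.serviceToken) neq 0>
            <cfthrow type="DataService.Unauthorized" message="Caller not authorized.">
        </cfif>

        <!--- Fixed, parameterized query: callers cannot supply SQL, pick columns,
              or learn the datasource name, which exists only on this site. --->
        <cfquery name="q" datasource="#application.dsn#">
            SELECT customer_id, display_name, account_status
            FROM customers
            WHERE customer_id = <cfqueryparam value="#arguments.customerId#"
                                              cfsqltype="cf_sql_integer">
        </cfquery>

        <!--- Return only the fields this operation is meant to expose. --->
        <cfif q.recordCount eq 1>
            <cfset result = {
                found = true,
                customerId = q.customer_id[1],
                displayName = q.display_name[1],
                accountStatus = q.account_status[1]
            }>
        </cfif>

        <cfreturn result>
    </cffunction>

</cfcomponent>
```

The main application calls this endpoint over HTTP and sees only the returned fields; the datasource is defined solely in the ColdFusion Administrator of the service site, which the wider team has no code access to.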
An alternate solution would be to use dummy data in your development environment and not grant developers access to production data.