EasyCFM.COM ColdFusion Forums / Good Coding Tips! / Where to store DSN username and password

Discussion Topic: Where to store DSN username and password

Lendo
03-30-2007 @ 7:31 AM
New Member
Posts: 5
Joined: Mar 2007

Dear all,

I'm about to develop a new application with ColdFusion and MySQL. Of course, you want this to be as secure as possible.

It is good practice they say not to hardcode the DSN, username and password in your webpages. Makes sense. But you can't put them in a database, since to access this info, you need to get to the database first, hence need a username and password for that.

So I thought of encrypting it and putting the encrypted version in the page. And when needed, decrypt it. Of course with GenerateSecretKey, otherwise I have to put the key there and it's again not safe.

But is this a good solution, or is it still not safe? Or is putting this sensitive info unencrypted in the Application.cfm safe enough?

Any suggestions on how to store my DSN, usernames and passwords for database access in my application is most welcome.

Kind regards,
Lendo

Webmaster
03-30-2007 @ 9:20 AM
Administrator
Posts: 4542
Joined: Jan 2002

Are you building this as an application to live in a shared server or a "dedicated" server?

Pablo Varando
Senior Application Architect
EasyCFM.COM, LLC.

904.483.1457 \\ mobile
webmaster@easycfm.com \\email

Lendo
03-30-2007 @ 9:46 AM
New Member
Posts: 5
Joined: Mar 2007

Hi,

Thanks for your quick response.

It will live on a shared server, but with a fixed ip address.

Kind regards,
Lendo

CJ
03-30-2007 @ 1:04 PM
Administrator
Posts: 4262
Joined: Oct 2002

Does your host give you the option of storing the username and password in the DSN connection/settings itself?

Most hosts use a control panel (like HELM) to allow you to set up DSNs. In many of these control panel apps, you store the username/pw in the DSN setup itself, which means you don't need to store it in the code.

-CJ-
@ #coldfusion/DALNet
http://charlie.griefer.com

Teachers open the door. You enter by yourself.
—Chinese Proverb
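
What the suggestion above looks like in code, as an added example that is not part of the original thread: the first query carries credentials in the template, the second relies on the username and password saved in the host's DSN setup. The DSN name `myAppDSN`, the `users` table and the placeholder credentials are assumptions.

```cfml
<!--- Application.cfm (added example; all names are hypothetical) --->
<cfapplication name="myApp" sessionmanagement="yes">

<!--- Only the DSN name lives in code. The username and password were
      entered once in the host's control panel when the DSN was created. --->
<cfset request.dsn = "myAppDSN">


<!--- user.cfm, BEFORE: credentials hardcoded in the template.
      Anyone who can read this file, a backup of it or a source-control
      copy also gets the database login. Values are placeholders. --->
<cfquery name="getUser" datasource="myAppDSN"
         username="DB_USER_PLACEHOLDER"
         password="DB_PASSWORD_PLACEHOLDER">
    SELECT id, email
    FROM users
    WHERE id = <cfqueryparam value="#url.id#" cfsqltype="cf_sql_integer">
</cfquery>


<!--- user.cfm, AFTER: no username/password attributes.
      ColdFusion connects with the credentials stored in the DSN itself,
      so the template holds nothing but the DSN name. --->
<cfquery name="getUser" datasource="#request.dsn#">
    SELECT id, email
    FROM users
    WHERE id = <cfqueryparam value="#url.id#" cfsqltype="cf_sql_integer">
</cfquery>

<cfoutput query="getUser">
    #HTMLEditFormat(getUser.email)#<br>
</cfoutput>
```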

Lendo
03-30-2007 @ 3:50 PM
New Member
Posts: 5
Joined: Mar 2007

True. I checked and that is indeed the case. Should have explored that alley first I guess, before sticking to the theory :)

Thanks for the advice guys. You may hear more from me.

Cheers and have a nice weekend.

