By Charlie Arehart | September 17, 2003 12:00 AM EDT
If you're using Microsoft Access as the datasource for a CF application, be very careful about where you place the database file (the .mdb file) on your web server. It's tempting to simply place it in the same directory as the application's CF templates, but this is a potentially grave mistake. If someone can determine (or guess) the name of the file, they can download it very easily via their browser by entering a URL with that directory and file name. The risk to your data, especially any privacy-sensitive data, is substantial!
The simple solution is to place the file anywhere else on the web server that is not a web-accessible directory. Keep in mind that the database needs to be accessed only by the CF server, not directly by a browser user. The datasource definition in the CF Administrator can find the file anywhere on the CF server. There's no benefit, and tremendous risk, in placing the file in a web-accessible directory.
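An added example (not part of the original article): a Python audit that walks a web root and lists any Access files a browser could request, and checks whether a datasource's file path resolves to a location inside the web root. The function names, the extensions beyond .mdb, and the hand-entered datasource dictionary are assumptions.

```python
import os
from pathlib import Path

# ".mdb" is the extension the article names; ".accdb" and the lock files
# ".ldb"/".laccdb" are assumptions added for this example.
ACCESS_EXTENSIONS = {".mdb", ".accdb", ".ldb", ".laccdb"}


def is_under(path, root):
    """True if path resolves inside root ('..' and symlinks are resolved first).

    Compares path components, so a sibling such as 'wwwroot2' is not
    mistaken for a child of 'wwwroot' the way a string-prefix test would be.
    """
    path, root = Path(path).resolve(), Path(root).resolve()
    return path == root or root in path.parents


def find_exposed_databases(web_root):
    """Return the URL-style paths of Access files found under web_root."""
    web_root = Path(web_root).resolve()
    exposed = []
    for dirpath, _dirs, files in os.walk(web_root):
        for name in files:
            # Extension match is case-insensitive: Store.MDB counts too.
            if Path(name).suffix.lower() in ACCESS_EXTENSIONS:
                rel = (Path(dirpath) / name).relative_to(web_root)
                exposed.append("/" + rel.as_posix())
    return sorted(exposed)


def audit_datasources(datasources, web_root):
    """Map each datasource name to True if its file sits inside web_root.

    datasources is a dict of name -> file path copied by hand from the
    CF Administrator (assumption: this script does not read CF's own config).
    """
    return {name: is_under(p, web_root) for name, p in datasources.items()}


if __name__ == "__main__":
    import sys
    root = sys.argv[1] if len(sys.argv) > 1 else "."
    for url_path in find_exposed_databases(root):
        print("web-accessible database file:", url_path)
```

Any path it prints is one that should be moved out of the web root, with the datasource definition updated to point at the new location.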
Charlie Arehart
Fig Leaf Software
Copyright © 2003 SYS-CON Media, Inc. — All Rights Reserved.
A veteran ColdFusion developer since 1997, Charlie Arehart is a long-time contributor to the community and a recognized Adobe Community Expert. He's a certified Advanced CF Developer and Instructor for CF 4/5/6/7 and served as tech editor of CFDJ until 2003. Now an independent contractor (carehart.org) living in Alpharetta, GA, Charlie provides high-level troubleshooting/tuning assistance and training/mentoring for CF teams. He helps run the Online ColdFusion Meetup (coldfusionmeetup.com, an online CF user group), is a contributor to the CF8 WACK books by Ben Forta, and is frequently invited to speak at developer conferences and user groups worldwide.