ColdFusion Securing Databases (part 2)

In ColdFusion Securing Databases (part 1) we looked at restricting which SQL statements can be run through a datasource, and at partitioning applications across multiple datasources and multiple database users to improve security. In this article we'll look at setting the permissions on the database tables themselves.

[More]

ColdFusion Securing Databases (part 1)

Most ColdFusion applications I've come across tend to use a single datasource, or, if they use more than one, the same user credentials are used for all of them. As well as causing possible performance and scalability issues, this can be a security risk.

It's quite easy to restrict which SQL statements a datasource will run using the ColdFusion Administrator.

[More]

ColdFusion Security - Detecting Modified Pages

No matter how secure your server is there exists the potential for someone to upload their own pages or modify existing pages on the server via an exploit of some sort. How can you detect this or stop this from happening?

A little ColdFusion code can help detect modified or unknown pages and stop these pages from running.

[More]

ColdFusion Securely Storing Passwords

Consider the following code that implements a simple login.

<cfquery name="user" datasource="#request.dns#">
select * from users
where name = '#form.login#' and password = '#form.password#'
</cfquery>

<!--- if login failed go back to login page --->
<cfif user.recordcount is 0>
<cflocation url="login.cfm">
</cfif>

One of the issues with this is that the password is stored in the database as plain text. Anyone or anything with access to the database (including your ColdFusion application) could potentially be used to obtain a list of all users and their passwords.
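The same login with the two problems addressed, as an added example rather than code from the post: the user row is looked up by name only through cfqueryparam, the password never reaches the SQL, and the database holds a per-user random salt and a hash instead of the password itself. The column names salt and password_hash are assumed for the example. A salted SHA-512 is a simple improvement over plain text; where a purpose-built password hash such as bcrypt is available it should be preferred, since plain hashes are fast to brute-force offline.

```cfml
<!--- Look up the user by name only; the typed password is never placed in the SQL. --->
<cfquery name="user" datasource="#request.dns#">
select id, salt, password_hash
from users
where name = <cfqueryparam value="#form.login#" cfsqltype="cf_sql_varchar">
</cfquery>

<!--- Recompute the salted hash of what was typed and compare it with the stored value. --->
<!--- Assumed schema: users.salt and users.password_hash (varchar), not in the original post. --->
<cfset loginOk = false>
<cfif user.recordcount eq 1>
    <cfset candidate = hash(user.salt & form.password, "SHA-512")>
    <!--- compare() returns 0 only when both strings are identical --->
    <cfif compare(candidate, user.password_hash) eq 0>
        <cfset loginOk = true>
    </cfif>
</cfif>

<!--- if login failed go back to login page --->
<cfif not loginOk>
    <cflocation url="login.cfm" addtoken="false">
</cfif>

<!--- When a password is set or changed, store a fresh random salt and the hash only. --->
<cfset newSalt = hash(createUUID(), "SHA-256")>
<cfset newHash = hash(newSalt & form.newPassword, "SHA-512")>
<cfquery datasource="#request.dns#">
update users
set salt = <cfqueryparam value="#newSalt#" cfsqltype="cf_sql_varchar">,
    password_hash = <cfqueryparam value="#newHash#" cfsqltype="cf_sql_varchar">
where id = <cfqueryparam value="#user.id#" cfsqltype="cf_sql_integer">
</cfquery>
```

With this layout a copy of the users table yields salts and hashes rather than passwords, and the parameterised lookup removes the SQL injection in the original where clause.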

[More]

Copyright © Justin Mclean 2008
BlogCFC by Raymond Camden.