Class Software - Database

ColdFusion Securing Databases (part 2)

Sun, 13 May 2007 06:42:00 +1000

In ColdFusion Securing Databases (part 1) we looked at restricting what sql statements can be run with a datasource and partitioning applications to use multiple datasources and multiple users to improve security. In this article we'll look at setting the permissions on the database tables. [More]

ColdFusion Database Indexes

Sat, 12 May 2007 09:00:00 +1000

The most common problem I've run into with applications slow performance is the lack of indexes on the databases. Sometimes this is just because the application ran fine with a small amount of data but now is working off a larger amount, or the application is being used in unexpected ways (running less 'common' queries run more often), or the production environment doesn't have the same indexes as the development environment or worse case the indexes were never created in the first place. Without indexes queries can take seconds with indexes they take milliseconds! [More]

ColdFusion Securing Databases (part 1)

Mon, 07 May 2007 16:25:00 +1000

Most ColdFusion applications I'm come across tend to use a single datasource or if they use more than one the same user credentials are used. As well as causing possible performance and scalability issues this can be a security risk. It's quite easy to restrict what SQL statements a datasource will run with the ColdFusion administrator. [More]

ColdFusion Database Pool Master/Slave(s)

Sun, 06 May 2007 12:50:00 +1000

Last week when I looked at databases pools I got a few suggestions re master/slaves databases. In this configuration you set up a single database (called the master) and have it replicate to one or more other databases (called the slaves). [More]

ColdFusion Database Pools and Resource Counting

Mon, 30 Apr 2007 00:12:00 +1000

With a discussion with Sammy he suggested that my ColdFusion database pool DSN component could be extended to select the current datasource with the least no of connections rather than just randomly picking one. Here's the modified code. [More]

ColdFusion RAID databases (or database pools)

Sat, 28 Apr 2007 16:30:00 +1000

You've tuned your databases queries, added all of the indexes you can think of and cached all of the queries you can but your database still isn't giving you the performance you need. So it's time to split up your database into several databases and move each of these new databases off onto separate database servers. Or perhaps a RAID database is the solution to your performance issues. [More]

ColdFusion Securely Storing Passwords

Sat, 31 Mar 2007 16:44:00 +1000

Consider the following code that implements a simple login.



select * from users
where name = '#form.login#' and password = '#form.password#'


// if login failed go back to login page

One of the issues with this is that the password is stored in the database as plain text. Anything with access to the database (including your ColdFusion application) could possibly be used to get a list of all users and their passwords. [More]