tracker issue : CF-3039989

select a category, or use search below
(searches all categories and all time range)

Bug 79924:this

| View in Tracker

Status/Resolution/Reason: Closed/Fixed/

Reporter/Name(from Bugbase): Douglas Knudsen / Douglas Knudsen (Douglas Knudsen)

Created: 09/11/2009

Components: Database, General

Versions: 9.0

Failure Type: Unspecified

Found In Build/Fixed In Build: 0000 / 259816

Priority/Frequency: Normal / Unknown

Locale/System: English / Mac 10 All

Vote Count: 4


this.datasource was added to Application.cfc, very nice.  Many shared hosts or Enterprise setups require username and password to be added to EVERY CFQUERY call.  Applicaiton.cfc does not currently provide for this.  Further, the new ORM enhancements make use of this.datasource and thus in these types of setups ORM is unusable.  this.ormsettings does not expose these settings either.The request is to add: this.datasourceusernamethis.datasourcepassword

workaround IF possible is to set username and password in the DSN settings in CFAdmin.  In a hosting environement this is impossible.


----------------------------- Additional Watson Details -----------------------------

Watson Bug ID:	3039989

External Customer Info:
External Company:  
External Customer Name: Douglas Knudsen
External Customer Email: 468D2F42445B92F69920157F
External Test Config: 09/11/2009



I work in a shared hosting environment and we have always shied away from putting database credentials into the DSN. This one would be most appreciated!
Vote by External U.
22879 | November 10, 2011 07:03:10 PM GMT
+1 vote: very good point. This definitely needs dealing with. -- Adam
Vote by External U.
22880 | November 10, 2011 07:03:11 PM GMT
Agree that this option should be included. Some may argue a security concern with hard coding the username/pass in somewhere. Bare in mind, the cfadmin hard codes it in a config file. Is that really any better since the encryption is so insecure? Bare in mind, just about every web application language (ASP, PHP, .NET, etc.) actually allows for that pattern and most people regardless of the security debate do hard code it in somewhere. CF has this logic for years in cfquery,etc. and many people use it. The developer should be allowed to make the security decisions with their coding, not Adobe. But at the same time, it's not necessarily about being hard coded. For example, some apps when requiring a login will validate it against the person's Windows Domain login which they then use to make the query calls (since it can also be linked up to SQL Server). This lets administrators have a single point of login and permissions for management.
Vote by External U.
22881 | November 10, 2011 07:03:12 PM GMT
Very good point. ABSOLUTELY necessary for shared hosting (and just all around a good idea).
Vote by External U.
22882 | November 10, 2011 07:03:13 PM GMT