When you define your data sources for use with ColdFusion, don’t ever use the database administrator’s login (“sa” on SQL Server for example). With administrative access you greatly increase the chance of someone executing rogue SQL statements (like DROP table). Give the data source just the access it needs, and nothing more. (Applies to: ColdFusion All)

Leave a Reply