[thesite] UEUE v.0.2 Update

[.jeff]

matt,

><><><><><><><><><><><><><><><><><><><><><><><><><><><><><
> From: Warden, Matt
>
> > sure, but that problem is *way* simple to solve --
> > username and password on the database access.
>
> Eww. That username and password would be available in
> the source, eh?
><><><><><><><><><><><><><><><><><><><><><><><><><><><><><

uh, yeah.  what's your point?

if we can't trust those working on the source then who says we can trust
those working ueue?  that's not the problem though.  out of all the people
with access to t.e.o or m.e.o., how many of them have access to w.e.o.?
very, very few.

the point is that it'll stop anonymous access from m.e.o. accounts that
could happen right now.

><><><><><><><><><><><><><><><><><><><><><><><><><><><><><
> We're bound to eventually forget to take out the
> instances (would be every cfquery tag, no?) where we
> have the password in the code.
><><><><><><><><><><><><><><><><><><><><><><><><><><><><><

we could variablize it therefore removing the need to alter anything.  we
can also move the username and password setting files to a separate file
that gets included into application.cfm, but never gets moved when the site
is taken live.  t.e.o.'s datasource could use a different password reducing
the number of people with access to w.e.o.'s datasource username/password
combination.

><><><><><><><><><><><><><><><><><><><><><><><><><><><><><
> And I don't want to ever have to say to a member "yeah
> you could help out, but i don't want you to see our
> database password, so no dice." And, if you *don't* say
> that, I think we get into screening issues.
><><><><><><><><><><><><><><><><><><><><><><><><><><><><><

not an issue with t.e.o.

><><><><><><><><><><><><><><><><><><><><><><><><><><><><><
> So, IOW, it's *NOT* so easy to solve, IMO.
><><><><><><><><><><><><><><><><><><><><><><><><><><><><><

sure it is.  you're just not willing to look at the obvious.

thanks,

.jeff

http://evolt.org/
jeff at members.evolt.org
http://members.evolt.org/jeff/