http://coldfusion.com logo
Join Slack
Powered by
This the database cfconfig I've been using for a w...
# sql
d
This the database cfconfig I've been using for a while now. Does ACF/Lucee encrypt the connection? Does it use the SSL certificate that the server/website uses? And is it risky if my web server is in Amazon making direct sql connections to a database in Azure?
Copy code
"mydatasourcename": {
     ...
     "class": "macromedia.jdbc.MacromediaDriver",
     "database": "${db_database}",
     "dsn": "jdbc:macromedia:sqlserver://${db_host}:1433;databaseName=${db_database};SelectMethod=direct;sendStringParametersAsUnicode=false;querytimeout=0;MaxPooledStatements=100;jdbcbehavior=0",
     "host": "${db_host}",
     "password": "${db_password}",
     "port": "1433",
     "username": "${db_login}"
}
a
I would read up on how JDBC works in this regard. Forget about CF / Lucee as it'll be being handled at a layer below that. Sorry I can't actually tell you cos I've never needed to know. it's a good Q though.
👍🏾 1
z
You pass in paths/urls to the certs as jdbc params
👍🏾 1
s
EncryptionMethod=SSL to turn on, don't think it's on by default there's also ValidateServerCertificate=false if you don't need/want to validate the cert
👍🏾 1
d
sqlconnection-vs-webserver-api.jpg
the orange path or the green path? which path is a bigger security risk to the database?
my dev team is the same team working on the database, the api, and the web application at myotherapp.com. we don't really need an API because its not data we would share with other dev teams nor other organizations. I like the idea of my web app directly querying the database (orange path) instead of building a rest api (green path).
2 Views
Open in Slack
PreviousNext
Powered by