Restricting SQL privileges in CF Admin

I’ve been thinking lately about ways to better secure my web apps, and noticed on the CF administrator page (under data sources) that if you select a data source, then click the Advanced Settings button, you can restrict what SQL commands are allowed for that data source.

Since all my web apps only read from the database and don’t modify data, couldn’t I just allow only the SELECT clause? It seems like that would make SQL injection attacks a lot more difficult, or am I missing something?

Of course I would still practice proper coding (using cfqueryparam, etc) but it seems like this would add yet another layer of security.
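As an added illustration (not part of the original post), here are the two query styles the poster is weighing, against a hypothetical data source named "appReadOnly" that is assumed to be configured in CF Admin with only SELECT allowed:

```cfml
<!--- Assumed data source name: "appReadOnly" (hypothetical), with only SELECT
      enabled under Advanced Settings in CF Admin. --->

<!--- Weak form: the request value is pasted straight into the SQL text.
      The SELECT-only restriction will reject an injected DELETE, UPDATE or DROP,
      but it cannot tell a legitimate SELECT from one whose WHERE clause has been
      rewritten by a crafted value (e.g. to read rows or tables it should not). --->
<cfquery name="qProductWeak" datasource="appReadOnly">
    SELECT id, name, price
    FROM products
    WHERE id = #url.id#
</cfquery>

<!--- Hardened form: cfqueryparam binds the value as a typed bind parameter, so
      whatever the caller sends is treated as an integer, never as SQL text.
      Together with the SELECT-only data source this gives two independent layers:
      the statement cannot be changed, and even if it could, only SELECT would run. --->
<cfquery name="qProduct" datasource="appReadOnly">
    SELECT id, name, price
    FROM products
    WHERE id = <cfqueryparam value="#url.id#" cfsqltype="cf_sql_integer">
</cfquery>
```

Note that the Allowed SQL setting is enforced by ColdFusion before the statement reaches the driver, so a database-side read-only account for the same data source is a complementary layer, not a duplicate of this one.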

If all they need is SELECT then it seems like a very good idea to limit them to SELECT. Why not?

You still need to worry about SELECTing things you don’t want seen, but it’s less to worry about.

Thanks for the reply! :)