ColdFusion 9 ORM does not respect security settings on the DSN

This post is more than 2 years old.

Now this this is surprising. During my first presentation on ColdFusion 9 and ORM, I was asked about security permissions on DSNs and how they impact ORM. So for example, if you go into the Advanced Settings of a DSN and only allow certain operations (Select, Update, etc), will that impact ORM? I told the attendee that I honestly wasn't sure, but that I'd assume it would.

Turns out I was completely wrong. I edited one of my examples so that only SELECT operations were allowed. But this had no impact on the ORM operations I was allowed to do. I could still update, delete, and insert.

As I said - surprising - but I'm guessing that the DSN security operations must be something that ORM just doesn't go through.

Raymond Camden's Picture

About Raymond Camden

Raymond is a developer advocate for HERE Technologies. He focuses on JavaScript, serverless and enterprise cat demos. If you like this article, please consider visiting my Amazon Wishlist or donating via PayPal to show your support. You can even buy me a coffee!

Lafayette, LA