Remote database access: Update
viktoras d.
viktoras at ekoinf.net
Thu Jun 11 13:16:26 EDT 2009
I am glad it helped! One handy option is to make a few copies of that
script, each for a different level of access. E.g. one q1.pl which
allows SQL SELECTs only, another q2.pl that allows UPDATEs and INSERTs,
yet another q3.pl which allows even more control over the database
(DROPs, CREATEs, etc). Just make sure the passwords are different and
the regular expression in the "unless" clause is updated with all the
corresponding suspicious patterns to prevent:
unless ($q=~m/pattern1_to_prevent|pattern2_to_prevent|etc.../i)
All the best!
Viktoras
Tereza Snyder wrote:
>
> Well, that victory was short-lived. The next day I couldn't get it to
> work again, and the security hole was preying on my conscience, so I
> decided to try one of the above suggestions. It took hours of research
> and failure to get a working cgi-bin on the server (Oh how I hate
> server administration! the only thing worse is working with an admin
> who won't let you do anything!). Finally both the Perl script and a
> Rev 3.5 cgi were saying hello, but the Perl script was already
> accessing the database so, considering the short timeline, I went with
> Viktoras' Perl solution, rather than be tempted into complexity. I'm
> hopeful that it will meet my needs in this project as the final
> deadline draws near.
>
> I'll be employing Trevor's advice next time when I really spread my
> wings (maybe) in this internet thingy.
>
> Thank you again,
>
> t
>
>
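The tiered "unless" check described in the message above, as an added example that is not code from the thread or from the original script. The tier table %DENY, the function query_allowed, the keyword lists for each tier, and the sample queries are all assumptions made for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Hypothetical tier table: each script (q1.pl, q2.pl, q3.pl) would carry
# only its own entry. The keywords are the ones that tier must refuse.
my %DENY = (
    q1 => [qw(INSERT UPDATE DELETE REPLACE DROP CREATE ALTER TRUNCATE GRANT REVOKE)],
    q2 => [qw(DELETE DROP CREATE ALTER TRUNCATE GRANT REVOKE)],
    q3 => [qw(GRANT REVOKE)],
);

# One case-insensitive alternation per tier, anchored on word boundaries
# so a column named "updated_at" is not mistaken for UPDATE. A ";" is
# refused as well, so one request cannot carry a second statement.
my %DENY_RE = map {
    my $alt = join '|', map { quotemeta($_) } @{ $DENY{$_} };
    ( $_ => qr/\b(?:$alt)\b|;/i );
} keys %DENY;

# Returns 1 when the query may run at this tier, 0 otherwise.
sub query_allowed {
    my ($tier, $q) = @_;
    my $re = $DENY_RE{$tier} or return 0;        # unknown tier: refuse
    return 0 unless defined $q && $q =~ /\S/;    # empty query: refuse
    return $q =~ $re ? 0 : 1;
}

# Constructed sample queries, not taken from the thread.
my @samples = (
    [ q1 => 'SELECT name, updated_at FROM members' ],
    [ q1 => 'update members set name = "x"' ],
    [ q2 => 'UPDATE members SET name = "x" WHERE id = 3' ],
    [ q2 => 'SELECT 1; DROP TABLE members' ],
    [ q3 => 'CREATE TABLE notes (id INT)' ],
);

for my $s (@samples) {
    my ($tier, $q) = @$s;
    unless (query_allowed($tier, $q)) {
        print "$tier REFUSED: $q\n";
        next;
    }
    print "$tier allowed: $q\n";
}
```

The check fails closed: a query that merely contains a listed keyword inside a string literal is refused at that tier too.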