Remote database access: Update

viktoras d. viktoras at ekoinf.net
Thu Jun 11 13:16:26 EDT 2009


I am glad it helped! One handy option is to make a few copies of that 
script, each for a different level of access. E.g. one q1.pl which allows 
SQL SELECTs only, another q2.pl that allows UPDATEs and INSERTs, yet 
another q3.pl which allows even more control over the database (DROPs, 
CREATEs, etc). Just make sure passwords are different and the regular 
expression in the "unless" clause is updated with all the corresponding 
suspicious patterns to prevent:
unless ($q=~m/pattern1_to_prevent|pattern2_to_prevent|etc.../i)

All the best!
Viktoras


Tereza Snyder wrote:
>
> Well, that victory was short-lived. The next day I couldn't get it to 
> work again, and the security hole was preying on my conscience, so I 
> decided to try one of the above suggestions. It took hours of research 
> and failure to get a working cgi-bin on the server (Oh how I hate 
> server administration! the only thing worse is working with an admin 
> who won't let you do anything!). Finally both the Perl script and a 
> Rev 3.5 cgi were saying hello, but the Perl script was already 
> accessing the database so, considering the short timeline, I went with 
> Viktoras' Perl solution, rather than be tempted into complexity. I'm 
> hopeful that it will meet my needs in this project as the final 
> deadline draws near.
>
> I'll be employing Trevor's advice next time when I really spread my 
> wings (maybe) in this internet thingy.
>
> Thank you again,
>
> t
>
>
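The tiered check described in the message above, as an added example that is not the script from this thread: the tier names q1/q2/q3 come from the message, while the deny patterns, the helper names strip_literals and query_allowed, and the sample queries are constructed for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Constructed deny patterns, one per script tier (assumed, not from the thread).
my $always = qr/\b(?:grant|revoke)\b|\binto\s+(?:outfile|dumpfile)\b/i;
my %DENY = (
    q1 => qr/\b(?:insert|update|delete|replace|drop|create|alter|truncate)\b|$always/i,
    q2 => qr/\b(?:drop|create|alter|truncate)\b|$always/i,
    q3 => $always,
);

# Blank out quoted literals so the keyword check sees SQL structure,
# not data such as 'drop shipment'.
sub strip_literals {
    my ($q) = @_;
    $q =~ s/'(?:[^'\\]|\\.|'')*'/''/gs;   # single-quoted strings
    $q =~ s/"(?:[^"\\]|\\.|"")*"/""/gs;   # double-quoted strings
    return $q;
}

# Returns 1 if the query may run at this tier, 0 otherwise.
sub query_allowed {
    my ($tier, $q) = @_;
    my $deny = $DENY{$tier} or return 0;   # unknown tier: refuse
    my $bare = strip_literals($q);
    # Refuse comments outright: some servers execute code placed inside them.
    return 0 if $bare =~ m{/\*|--|\#};
    return 0 if $bare =~ /;\s*\S/;         # more than one statement
    return 0 if $bare =~ $deny;
    return 1;
}

# Constructed sample queries.
my @samples = (
    [ q1 => "SELECT name FROM items WHERE note = 'drop shipment'" ],
    [ q1 => "UPDATE items SET qty = 0" ],
    [ q2 => "UPDATE items SET qty = 0 WHERE id = 7" ],
    [ q2 => "SELECT 1; DROP TABLE items" ],
    [ q3 => "CREATE TABLE log (id INT)" ],
    [ q3 => "SELECT 1 /* hidden */" ],
);
for my $s (@samples) {
    my ($tier, $q) = @$s;
    my $verdict = query_allowed($tier, $q) ? 'allow' : 'refuse';
    printf "%-3s %-7s %s\n", $tier, $verdict, $q;
}
```

Giving each script its own database account, granted only that tier's privileges, keeps the restriction in force for any statement the patterns miss.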




More information about the use-livecode mailing list