[RevServer tips] Spreading the load or why wise developers use asynchronous workflows
devin_asay at byu.edu
Wed Aug 4 17:46:39 CDT 2010
Thanks for the reply, Andre. While I've been doing simple HTML and web stuff for years, I'm still relatively new to the world of server-side apps and server scripting.
On Aug 4, 2010, at 3:53 PM, Andre Garzia wrote:
> Database communications such as SQL queries and logins should never cross
> networks. If the database server is running at a given host, then use a cgi
> at the same host as middleware to talk to it.
So SQL queries to DB servers, such as you can easily do from Rev stacks are inherently insecure? I've been doing this for years, so why am I even still alive!? ;-)
Don't get me wrong; I have no reason to doubt your judgment. I'm just surprised I've never heard this before. (Or maybe never paid attention.) The ability to access online DBs is touted as a major feature of the Rev desktop product, and I make heavy use of it.
What is the core issue--that when you send DB queries across network boundaries you're sending clear text? Does that mean if I use encryption or SSL in conjunction with DB calls I'm okay?
Sorry to belabor the question. I just want to make sure I understand so I can limit my exposure to risk. I know how to do DB calls from irev scripts on localhost, so I can easily avoid a potential security hole.
Humanities Technology and Research Support Center
Brigham Young University
More information about the use-livecode