iRev database access security question

Jonathan Lynch jonathandlynch at gmail.com
Fri Feb 10 19:14:06 EST 2012


Thanks guys, I think I can figure out the details from there.

Take care :)

J

On Fri, Feb 10, 2012 at 8:19 AM, Martin Baxter <
mblivecode at harbourhosting.co.uk> wrote:

> Hi Jonathan,
>
> Sensible questions actually.
>
> I would expect the situation to be the same as with php. In that
> situation, if php crashes or becomes unavailable for some reason, and
> precautions have not been taken, the webserver will serve the source
> script rather than its output. I expect this applies to irev too.
>
> It is usual to store database connection credentials in an include so it
> can be accessed by multiple pages. If the hosting setup allows for
> includes to be stored above webroot where the webserver has no access
> but the scripting language does, then includes should be placed there.
>
> If storage above webroot is not possible, keep includes in their own
> directory having an htaccess (assuming apache) as follows:
>
> <files "*.*">
> order allow,deny
> deny from all
> </files>
>
> This bars the webserver from accessing any files in the directory, but
> does not bar the scripting engine. I expect that would work with irev too.
>
> Martin Baxter
>
> On 10/02/2012 12:18, Jonathan Lynch wrote:
> > Hi everyone,
> >
> > If I have an iRev page that is going to access a database, I have to
> > use a database query that includes the user name and password. Is it
> > safe to put that information directly into the iRev page? That seems
> > risky to me.
> >
> > If I put the information into another page and I use a script to pull
> > in the information, wouldn't a hacker be able to look at the script,
> > learn the location of the other page, and then directly access that
> > page?
> >
> > I realize that the scripts on an iRev page do not show up when you
> > view the source of the page through a browser. Does this mean that
> > the script information on an iRev page is genuinely secure?
> >
> > I apologize if these are ignorant questions.
> >
> > Many thanks,
> >
> > Jonathan
> >



-- 
Do all things with love
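
An added example, not part of the thread and not LiveCode or Apache code: a small audit of an include directory that reports which files the quoted .htaccess leaves uncovered, since a `<files "*.*">` wildcard only matches names containing a dot. It assumes Python's `fnmatchcase` is a close enough stand-in for Apache's wildcard matching and that the server's AllowOverride setting lets .htaccess take effect; the file names are constructed.

```python
import re
import tempfile
from fnmatch import fnmatchcase
from pathlib import Path

FILES = re.compile(r'<files\s+"?([^"\s>]+)"?\s*>$', re.I)
# Deny-all in the 2.2 syntax used in the post, and the Apache 2.4 equivalent.
DENY = re.compile(r"(deny\s+from\s+all|require\s+all\s+denied)$", re.I)
# The .htaccess from the post, reproduced as sample input.
POST_HTACCESS = '<files "*.*">\norder allow,deny\ndeny from all\n</files>\n'


def deny_scopes(text):
    """Scopes of deny-all directives: a <Files> wildcard, None when the
    directive is directory-wide, "" inside a section this sketch cannot parse."""
    scopes, current = [], None
    for line in (raw.strip() for raw in text.splitlines()):
        if line.startswith("</"):
            current = None
        elif line.startswith("<"):
            m = FILES.match(line)
            current = m.group(1) if m else ""  # "" matches no file name
        elif DENY.match(line):
            scopes.append(current)
    return scopes


def exposed_files(include_dir):
    """Names of files in include_dir that no deny-all directive covers."""
    include_dir = Path(include_dir)
    ht = include_dir / ".htaccess"
    scopes = deny_scopes(ht.read_text()) if ht.is_file() else []
    names = sorted(p.name for p in include_dir.iterdir() if p.is_file())
    # fnmatchcase approximates Apache's wildcard matching for <Files>.
    return [n for n in names if n != ".htaccess"
            and not any(s is None or fnmatchcase(n, s) for s in scopes)]


def demo(htaccess=POST_HTACCESS, names=("db.inc", "dbsettings")):
    """Build a constructed include directory and report uncovered files."""
    with tempfile.TemporaryDirectory() as d:
        Path(d, ".htaccess").write_text(htaccess)
        for n in names:  # constructed file names, not from the post
            Path(d, n).write_text("placeholder")
        return exposed_files(d)


if __name__ == "__main__":
    print(demo())  # the extensionless file is not matched by "*.*"
```

A deny-all directive placed outside any `<Files>` block covers every file in the directory, including extensionless ones.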


