Database error?

Peter Haworth pete at lcsql.com
Fri Apr 10 17:46:47 EDT 2015


I'm kinda curious about this too.

I assume the major risk is being subject to SQL injection attacks but I'm
under the impression that if you use the variable name option in the rev
database functions instead of including data values in an SQL statement,
you're protected against injection attacks.

I guess if the database username and password you use are the same as an
admin login for your site, that's definitely an issue but nobody would do
that.... would they?

Pete
lcSQL Software <http://www.lcsql.com>
Home of lcStackBrowser <http://www.lcsql.com/lcstackbrowser.html> and
SQLiteAdmin <http://www.lcsql.com/sqliteadmin.html>

On Fri, Apr 10, 2015 at 2:36 PM, J. Landman Gay <jacque at hyperactivesw.com>
wrote:

> On 4/10/2015 3:36 PM, shawnlc wrote:
>
>> In case A if your account was compromised then they'd have access
>> to everything in your account. In case B if compromised they'd have
>> access to all of your databases.
>>
>
> All this talk got me curious. I have an app that connects to a database.
> It currently has a strong password and an obscure login that isn't anyone's
> name or email. It has zero sensitive data; think of something like your
> personal jogging times, or a holiday calendar. Totally innocuous. You'd be
> comfortable posting it at a bus stop.
>
> What kind of risk would there be if someone were able to figure out the
> strong credentials it uses? We don't care if anyone sees the data itself,
> but if access were obtained would there be anything else the intruder could
> do?
>
> --
> Jacqueline Landman Gay         |     jacque at hyperactivesw.com
> HyperActive Software           |     http://www.hyperactivesw.com
>
>
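
The contrast described in the message above, between including a data value in the SQL statement and using the variable name option of the rev database functions, as an added example that is not part of the original thread. The handler, table and variable names are hypothetical, the input string is constructed, and a throwaway SQLite file stands in for the real database.

```livecode
-- Added example: handler, table and variable names are hypothetical.
-- Call it from a button script or the message box as: demoBinding
on demoBinding
   local tDB, tInput, tSQL, tConcat, tBound

   -- Throwaway SQLite file (assumption); other rev drivers are called the same way.
   put revOpenDatabase("sqlite", specialFolderPath("temporary") & "/bind_demo.sqlite") into tDB
   if tDB is not an integer then
      answer "Could not open database:" && tDB
      exit demoBinding
   end if
   revExecuteSQL tDB, "DROP TABLE IF EXISTS runs"
   revExecuteSQL tDB, "CREATE TABLE runs (runner TEXT, secs INTEGER)"
   revExecuteSQL tDB, "INSERT INTO runs VALUES ('alice', 1500)"
   revExecuteSQL tDB, "INSERT INTO runs VALUES ('bob', 1620)"

   -- Constructed input: a value typed by a user that contains SQL syntax.
   put "nobody' OR '1'='1" into tInput

   -- 1. Data value included in the statement text. The quote inside tInput
   --    closes the string literal, so the WHERE clause the database parses is
   --    runner = 'nobody' OR '1'='1' and the filter no longer restricts rows.
   put "SELECT runner, secs FROM runs WHERE runner = '" & tInput & "'" into tSQL
   put revDataFromQuery(tab, return, tDB, tSQL) into tConcat

   -- 2. Variable name option. The statement text is fixed, :1 is a
   --    placeholder, and the NAME of the variable is passed, not its value.
   --    The whole of tInput is compared as one string against runner.
   put "SELECT runner, secs FROM runs WHERE runner = :1" into tSQL
   put revDataFromQuery(tab, return, tDB, tSQL, "tInput") into tBound

   revCloseDatabase tDB

   -- Show how many rows each form of the query returned.
   answer "Concatenated:" && the number of lines of tConcat && "row(s)" & return & \
         "Bound:" && the number of lines of tBound && "row(s)"
end demoBinding
```

Binding covers data values only; table and column names cannot be passed as placeholders, so any identifier that comes from user input still has to be checked against a fixed list.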


