Database error?

Dr. Hawkins dochawk at gmail.com
Sat Apr 11 11:41:15 EDT 2015


On Sat, Apr 11, 2015 at 8:27 AM, Peter Haworth <pete at lcsql.com> wrote:

> SQL injection attacks alter the SQL statements sent by a valid user so the
> attacker doesn't need to know a username/password.
>

But they would need the encryption key, too.

mySQL *can* be set to take only secure connections, can't it?  Postgres
can, but runrev inexplicably hasn't seen fit to add the line of code to
allow this connection to be made; only for mySQL


> Even more scary is how hackers can get into a system using a "I forgot my
> password" form with SQL injection, lots of examples on the web.
>

But https solves that, doesn't it?


-- 
Dr. Richard E. Hawkins, Esq.
(702) 508-8462



More information about the use-livecode mailing list