Database error?

Dr. Hawkins dochawk at
Sat Apr 11 11:41:15 EDT 2015

On Sat, Apr 11, 2015 at 8:27 AM, Peter Haworth <pete at> wrote:

> SQL injection attacks alter the SQL statements sent by a valid user so the
> attacker doesn't need to know a username/password.

But they would need the encryption key, too.

mySQL *can* be set to take only secure connections, can't it?  Postgres
can, but runrev inexplicably hasn't seen fit to add the line of code to
allow this connection to be made; only for mySQL

> Even more scary is how hackers can get into a system using a "I forgot my
> password" form with SQL injection, lots of examples on the web.

But https solves that, doesn't it?

Dr. Richard E. Hawkins, Esq.
(702) 508-8462

More information about the use-livecode mailing list