Database error?
Dr. Hawkins
dochawk at gmail.com
Sat Apr 11 11:41:15 EDT 2015
On Sat, Apr 11, 2015 at 8:27 AM, Peter Haworth <pete at lcsql.com> wrote:
> SQL injection attacks alter the SQL statements sent by a valid user so the
> attacker doesn't need to know a username/password.
>
But they would need the encryption key, too.
mySQL *can* be set to take only secure connections, can't it? Postgres
can, but runrev inexplicably hasn't seen fit to add the line of code to
allow this connection to be made; only for mySQL
> Even more scary is how hackers can get into a system using a "I forgot my
> password" form with SQL injection, lots of examples on the web.
>
But https solves that, doesn't it?
--
Dr. Richard E. Hawkins, Esq.
(702) 508-8462
More information about the use-livecode
mailing list