mySQL: PHP or direct access?
pete at lcsql.com
Thu Aug 13 23:44:10 CEST 2015
I agree that SQL doesn't have much in the way of data sanitizing but
Livecode does. I also agree that there must be a good reason why most of
the world uses server side scripting, just trying to understand exactly
what that is.
I've been under the impression that if I use the variableslist parameter
available with the revDatabasexxx calls, I'm protected from SQL injection
attacks. Even more so if I open the database connection using SSL. The
proverbial lightbulb will start to come on if that impression is wrong!
On Thu, Aug 13, 2015 at 2:27 PM Richard Gaskin <ambassador at fourthworld.com>
> Peter Haworth wrote:
> > It still seems to me that, once security matters are dealt with, the
> > of server side script versus direct connection is more a matter of
> > preferred application architecture more than anything else.
> Ah, but there's the rub, "once security matters are dealt with".
> Correct me if I'm wrong, but as a storage-specific language I don't
> believe SQL offers as much for sanitizing as PHP, Ruby, LiveCode, and
> other more general languages.
> I think there's a good reason most of the world protects their DBs from
> open exposure to the Internet via an intermediary scripting language,
> more than just for the convenience of making REST APIs.
> Richard Gaskin
> Fourth World Systems
> Software Design and Development for the Desktop, Mobile, and the Web
> Ambassador at FourthWorld.com http://www.FourthWorld.com
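An added example, not from the thread, that shows the difference the variablesList parameter makes. It uses Python's sqlite3 module as a stand-in for LiveCode's revQueryDatabase against MySQL: the same lookup is written once by splicing the input into the SQL text and once with a bound parameter, then both are run over a constructed two-row table.

```python
import sqlite3


def make_db():
    # Constructed in-memory sample table standing in for the MySQL server.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, secret TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", "s1"), ("bob", "s2")])
    return conn


def lookup_concat(conn, name):
    # Vulnerable form: the input becomes part of the SQL text, so a quote
    # character in the input changes the structure of the statement.
    sql = "SELECT name FROM users WHERE name = '" + name + "'"
    return [row[0] for row in conn.execute(sql)]


def lookup_bound(conn, name):
    # Hardened form: the input travels as a bound parameter and the engine
    # never parses it as SQL. This is what revQueryDatabase does with the
    # :1, :2 ... placeholders filled from the variablesList argument.
    sql = "SELECT name FROM users WHERE name = ?"
    return [row[0] for row in conn.execute(sql, (name,))]


def compare(name):
    # Returns (rows from the concatenated query, rows from the bound query).
    conn = make_db()
    return lookup_concat(conn, name), lookup_bound(conn, name)


if __name__ == "__main__":
    print(compare("alice"))            # both forms return ['alice']
    print(compare("x' OR '1'='1"))     # concatenation returns every row; binding returns none
```

Binding covers values only: a table or column name assembled from user input still has to be validated against an allow-list, and SSL on the connection protects the bytes in transit, not the statement being executed.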