MySQL: PHP or direct access?

Ralph DiMola rdimola at evergreeninfo.net
Thu Aug 13 21:17:44 EDT 2015


Dave,

Thanks for the clarifications.

I'm changing my app over to server side middleware using LC server and
opening one local connection to the MySQL DB.

My client/server model.....
1) The LC server script has the DB username/password and no one can see
that. That protects the DB.
2) LC scripts are not in the public_html folder tree. This keeps away prying
eyes.
3) The client uses https requests. I am assuming that the URL itself is
encrypted so any of the commands to my web service can't be sniffed.
4) All web service requests need a password parameter in the URL parameters.
This keeps anyone from issuing commands to the web service.

Am I missing anything security-wise here?
Does this model eliminate the need for parameterized queries?
Can I send SQL from the client and be safe or do I need to set up some only
known to me data structure for DB requests?



Ralph DiMola
IT Director
Evergreen Information Services
rdimola at evergreeninfo.net
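
The request structure the message asks about, as an added example that is not part of the original post: the client sends an operation name plus values, never SQL text, and the server binds the values as query parameters. It assumes Python with `sqlite3` standing in for the LC server script and its MySQL connection; the operation names, request fields and the `customers` table are hypothetical.

```python
import hmac
import sqlite3

# Assumption: sqlite3 stands in for the single local MySQL connection.
SHARED_SECRET = "constructed-demo-secret"  # placeholder, not a real credential

# Allowlist: operation name -> (SQL with placeholders, ordered parameter names).
# Only SQL text written on the server is ever executed.
OPERATIONS = {
    "customer_by_id": ("SELECT id, name FROM customers WHERE id = ?", ("id",)),
    "customers_by_name": ("SELECT id, name FROM customers WHERE name = ?", ("name",)),
}

def make_demo_db():
    """Build a constructed in-memory table for the demonstration."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE customers (id INTEGER PRIMARY KEY, name TEXT)")
    db.executemany("INSERT INTO customers VALUES (?, ?)", [(1, "alice"), (2, "bob")])
    return db

def handle_request(db, request):
    """Handle one request dict (hypothetical format) parsed from the HTTPS body."""
    supplied = str(request.get("password", ""))
    # Constant-time comparison of the shared secret.
    if not hmac.compare_digest(supplied.encode(), SHARED_SECRET.encode()):
        return {"status": 403, "rows": []}
    name = request.get("op")
    if not isinstance(name, str) or name not in OPERATIONS:
        return {"status": 400, "rows": []}  # unknown operation, including raw SQL
    sql, wanted = OPERATIONS[name]
    params = request.get("params")
    if not isinstance(params, dict) or set(params) != set(wanted):
        return {"status": 400, "rows": []}
    values = [params[key] for key in wanted]
    if not all(isinstance(v, (int, str)) for v in values):
        return {"status": 400, "rows": []}
    # Values are bound by the driver, so quotes in them stay data.
    return {"status": 200, "rows": db.execute(sql, values).fetchall()}
```
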




