ambassador at fourthworld.com
Thu Feb 5 19:52:40 CET 2015
Bob Sneidar wrote:
> I am not using a web server for this, I am communicating directly
> with the SQL server. I understand that most people regard this as
> a major no-no, but the information being stored is not confidential,
> just names and addresses along with copier and network information.
If it's on an intranet not connected to the wild west of the Internet
it's probably fine.
But if it is exposed to the Internet (read "networks of international
crime rings who've hired hundreds of engineers with 160+ IQs and have
vast botnets at their disposal), reads are the least of your concerns.
More chilling is the prospect of writes.
MySQL is very powerful. Pwnership of the machine - and possibly
anything that connects to it - is a risk.
In most cases no one wants our data. What they're often after is more
nodes for their botnets that they can rent to their underworld clients.
I'm no security expert, which is why I tend to be cautious. But the
security consultants in my local Linux user group are downright
paranoid, so maybe caution's not a bad thing. :)
LC Server does take a bit of learning, but the convenience it provides
for not just this project but many others can make it well worth taking
one step back for the three steps forward it'll help deliver.
Fourth World Systems
Software Design and Development for the Desktop, Mobile, and the Web
Ambassador at FourthWorld.com http://www.FourthWorld.com
More information about the use-livecode