encrypt storage

[Richard Gaskin]

Bob Sneidar wrote:

 > I am not using a web server for this, I am communicating directly
 > with the SQL server. I understand that most people regard this as
 > a major no-no, but the information being stored is not confidential,
 > just names and addresses along with copier and network information.

If it's on an intranet not connected to the wild west of the Internet 
it's probably fine.

But if it is exposed to the Internet (read "networks of international 
crime rings who've hired hundreds of engineers with 160+ IQs and have 
vast botnets at their disposal), reads are the least of your concerns. 
More chilling is the prospect of writes.

MySQL is very powerful.  Pwnership of the machine - and possibly 
anything that connects to it - is a risk.

In most cases no one wants our data.  What they're often after is more 
nodes for their botnets that they can rent to their underworld clients.

I'm no security expert, which is why I tend to be cautious.  But the 
security consultants in my local Linux user group are downright 
paranoid, so maybe caution's not a bad thing. :)

LC Server does take a bit of learning, but the convenience it provides 
for not just this project but many others can make it well worth taking 
one step back for the three steps forward it'll help deliver.

-- 
  Richard Gaskin
  Fourth World Systems
  Software Design and Development for the Desktop, Mobile, and the Web
  ____________________________________________________________________
  Ambassador at FourthWorld.com                http://www.FourthWorld.com