Examples of encryption for database access

Kee Nethery kee.nethery at elloco.com
Thu Jun 28 15:35:34 EDT 2018


On Jun 28, 2018, at 9:17 AM, William Prothero via use-livecode <use-livecode at lists.runrev.com> wrote:

> Another question I have is the best way to process the input text to eliminate injection type attacks.

I have a series of functions that filter out everything but ...

digitsOnly() <- deletes everything other than 0 through 9

moneyOnly() <- deletes all but 0 through 9, period, minus sign

emailOnly() <- only keeps stuff that has the format of an email

alphaOnly() <- tosses everything outside of a-z and A-Z

noQuoted() <- anything containing a quote is set to empty. For example no username or password should ever contain a quote.

I only use a filtered version of the data provided by a user. I’ll write custom filters if needed. This applies to desktop apps and web apps. 







More information about the Use-livecode mailing list