
List:       php-general
Subject:    Re: [PHP] Security/Development Question
From:       tedd <tedd.sperling () gmail ! com>
Date:       2010-04-29 13:05:51
Message-ID: p06240800c7ff32cc4a88 () [192 ! 168 ! 1 ! 102]

At 4:54 PM -0400 4/28/10, David Stoltz wrote:
>My concern is passing SQL queries in this way is not best practice - am
>I wrong? Please let me know how you would react to this?

David:

First, you are not wrong.

Second, that's exactly the type of security risk you want to protect 
yourself from.

Third, never trust anything coming from client-side (i.e., POST, GET, 
or COOKIE).

Now, they (the vendor) can throw all the layers of confusion/nonsense 
(it's SSL, ASP.NET, or will happen later) on this as they want, but 
the point remains this is permitting client-side access to a database 
and that is NOT good.

Cheers,

tedd

-- 
-------
http://sperling.com  http://ancientstones.com  http://earthstones.com

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
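As an added illustration of the point tedd makes (this is not code from the thread or from the vendor David describes), the following PHP shows the pattern under discussion, a request that carries the SQL text itself, beside a server-side replacement in which the client may only name an operation and every value it supplies is bound as a parameter. The table, column names, sample rows and request arrays are constructed for the demo; it uses an in-memory SQLite database so it runs stand-alone.

```php
<?php
// Added example, not from the mailing-list thread. Demonstrates why letting
// the client supply SQL is a problem and what the server-side alternative
// looks like. Table/columns/rows/requests below are constructed for the demo.

declare(strict_types=1);

function makeDb(): PDO
{
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE products (id INTEGER PRIMARY KEY, name TEXT, price REAL)');
    $db->exec("INSERT INTO products (name, price) VALUES ('widget', 9.99), ('gadget', 19.99)");
    return $db;
}

// --- The pattern the thread warns about --------------------------------
// The browser supplies the query text. Whoever controls the request controls
// what runs against the database; SSL only hides the request from third
// parties, it does not change who wrote the query.
function runClientQuery(PDO $db, array $request): array
{
    $sql = $request['sql'];   // arrives straight from POST/GET/COOKIE
    return $db->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// --- Server-side replacement --------------------------------------------
// The client names an operation from a fixed list; the SQL lives on the
// server and client-supplied values are validated and bound, never spliced.
const ALLOWED_QUERIES = [
    'list_products' => 'SELECT id, name, price FROM products ORDER BY id',
    'get_product'   => 'SELECT id, name, price FROM products WHERE id = :id',
];

function runNamedQuery(PDO $db, array $request): array
{
    $action = $request['action'] ?? '';
    if (!array_key_exists($action, ALLOWED_QUERIES)) {
        throw new InvalidArgumentException('unknown action');
    }

    $params = [];
    if ($action === 'get_product') {
        // Validate the type before binding: only a positive integer is accepted.
        $id = filter_var(
            $request['id'] ?? null,
            FILTER_VALIDATE_INT,
            ['options' => ['min_range' => 1]]
        );
        if ($id === false) {
            throw new InvalidArgumentException('invalid id');
        }
        $params[':id'] = $id;
    }

    $stmt = $db->prepare(ALLOWED_QUERIES[$action]);
    $stmt->execute($params);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

$db = makeDb();

// Constructed request arrays standing in for $_POST.
print_r(runClientQuery($db, ['sql' => 'SELECT name FROM products']));
print_r(runNamedQuery($db, ['action' => 'get_product', 'id' => '2']));

// Anything that is not a known action name is rejected before any SQL runs.
try {
    runNamedQuery($db, ['action' => 'something_else']);
} catch (InvalidArgumentException $e) {
    echo "rejected: {$e->getMessage()}\n";
}
```

The difference that matters is where the SQL is authored: in `runClientQuery` the server is a pass-through for whatever the request contains, while in `runNamedQuery` the request can only select among queries the server already trusts and supply typed values for their placeholders.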
