List: php-general
Subject: Re: [PHP] Security/Development Question
From: tedd <tedd.sperling () gmail ! com>
Date: 2010-04-29 13:05:51
Message-ID: p06240800c7ff32cc4a88 () [192 ! 168 ! 1 ! 102]
At 4:54 PM -0400 4/28/10, David Stoltz wrote:
>My concern is passing SQL queries in this way is not best practice - am
>I wrong? Please let me know how you would react to this?
David:
First, you are not wrong.
Second, that's exactly the type of security risk you want to protect
yourself from.
Third, never trust anything coming from client-side (i.e., POST, GET,
or COOKIE).
Now, they (the vendor) can throw all the layers of confusion/nonsense
(it's SSL, ASP.NET, or will happen later) on this as they want, but
the point remains this is permitting client-side access to a database
and that is NOT good.
Cheers,
tedd
--
-------
http://sperling.com http://ancientstones.com http://earthstones.com
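The pattern the thread is objecting to, put next to a server-side alternative, as an added example that is not code from the original post or from David's vendor. It assumes PDO with an in-memory SQLite database, a constructed `users` table, and hypothetical function names (`runClientSuppliedSql`, `runNamedQuery`); the request arrays stand in for `$_POST`.

```php
<?php
// Added example, not from the original thread. Contrasts "the client sends
// the SQL text" with "the client names a query and sends values". Uses an
// in-memory SQLite database so it runs offline; table and rows are
// constructed here for illustration.

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, role TEXT)');
$pdo->exec("INSERT INTO users (name, role) VALUES ('alice', 'admin'), ('bob', 'user')");

// --- The risky pattern (what tedd calls client-side access to a database) ---
// The SQL statement itself arrives from the browser and is executed with the
// application's database privileges. SSL only protects the statement in
// transit; it says nothing about who composed it or what it does.
function runClientSuppliedSql(PDO $pdo, array $request): array
{
    return $pdo->query($request['sql'])->fetchAll(PDO::FETCH_ASSOC);
}

// --- The server-side pattern ---
// SQL text lives on the server. The client may only pick a query by name from
// a fixed allow-list and supply values, which are validated and bound as
// parameters, so they are never parsed as part of the statement.
const QUERIES = [
    'user_by_id'    => ['sql'    => 'SELECT id, name FROM users WHERE id = :id',
                        'params' => ['id' => FILTER_VALIDATE_INT]],
    'users_by_role' => ['sql'    => 'SELECT id, name FROM users WHERE role = :role',
                        'params' => ['role' => FILTER_DEFAULT]],
];

function runNamedQuery(PDO $pdo, array $request): array
{
    $name = $request['query'] ?? '';
    if (!array_key_exists($name, QUERIES)) {
        // Anything not in the allow-list is refused before touching the DB.
        throw new InvalidArgumentException("unknown query: $name");
    }
    $spec = QUERIES[$name];
    $stmt = $pdo->prepare($spec['sql']);
    foreach ($spec['params'] as $param => $filter) {
        if (!isset($request[$param])) {
            throw new InvalidArgumentException("missing parameter: $param");
        }
        $value = filter_var($request[$param], $filter);
        if ($value === false) {
            throw new InvalidArgumentException("invalid value for: $param");
        }
        $stmt->bindValue(":$param", $value);
    }
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed requests standing in for $_POST.
print_r(runNamedQuery($pdo, ['query' => 'user_by_id', 'id' => '1']));
print_r(runNamedQuery($pdo, ['query' => 'users_by_role', 'role' => 'user']));

// A query name the server never defined, and a non-integer id, are both
// rejected up front instead of being forwarded to the database.
foreach ([['query' => 'drop_everything'], ['query' => 'user_by_id', 'id' => 'x']] as $bad) {
    try {
        runNamedQuery($pdo, $bad);
    } catch (InvalidArgumentException $e) {
        echo 'rejected: ', $e->getMessage(), PHP_EOL;
    }
}
```

The allow-list is the point: with `runClientSuppliedSql` the only thing limiting what a caller can do is the database account's privileges, whereas with `runNamedQuery` the set of possible statements is fixed at deploy time and reviewable in one place.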