Hi Kay,

Appreciate the input... I've wondered about mySQL's license, too.

Here is additional info. My catalog is an archive of the radio and TV programs we've aired. We will create the database and add to it bit by bit behind the scenes. No data will be input through the web/browser -- strictly look ups: Find all programs from year 1999 that had Mr. Suzuki as a guest, and listen to them; that sort of thing. I've got a simple test working ok with mySQL, but no input validation yet.

Do I need input validation if the web interface is search only?

Also, I understand that the new LC server available on on-rev.com can serve stacks. Would it be less hassle/security risk to use a data stack, or even a big text file, as the database? We'll probably max out at 10,000 records or so... not breaking a sweat for a sql database. Manageable on a stack? Need UTF8 (Japanese) which is working nicely with the web/mysql combo...

Any thoughts on validation needs for lookups only? And on using a stack or text file for the data? (Hmmm... how does the LC server handle variables - limit on size?)

Thanks!

Tim Selander
Tokyo, Japan

On 11/28/11 11:51 AM, Kay C Lan wrote:
Hi Tim,

Sounds like you and I are on the same par, so appreciate that I am no
expert in this field, but I was able to achieve something similar to what
you are doing through a lot of help from those on this List, either
directly from posts or indirectly from their websites.

My project involved no commercial or personal data, so your security
concerns are likely to be at a higher level than my solution, so RevIgniter
might be your best bet.

For me I simply set up two additional accounts in postgreSQL (beyond my
on-rev user account that has full Admin privileges), one that could add,
modify and delete records (but not tables or dbs) and another that could
only select records for viewing. I then set up two separate webpages, one
that was for the person who could add, modify and delete records, and a
completely separate webpage for the public to view the data.

As an additional security step, whenever a record needed to be deleted,
the Admin User has to input certain key words, in certain key places in the
webform otherwise it will not be processed. With Rev and its strength with
chunk expressions, looking for certain words in certain places is sooooo
easy. I only included this because the data involved should never need
deleting so for it to happen would be very unusual.

The biggest help I got was the example - Simple Form - on Sarah's site:

http://www.troz.net/onrev/

Once I crossed the hurdle of getting a web Form talking to On-Rev if my Rev
database code worked on my desktop db, I could generally figure out how to
get my on-rev code to talk to my on-rev db.

Also very helpful was stuff from Andre's site:

http://www.andregarzia.com/blog

Can't remember specifically what Andre's site helped me with, he does so
much both on his site and on this List it's like panning for gold, you know
you've struck it rich if Andre has the answer. I think his Bootstrapping a
CMS in 24h blog entry may have had some nuggets in it.

Finally Pierre answered a post I had to the List titled 'on-rev+postgreSQL'
which solved the missing part of the puzzle, how to add a little more
security with different users. I decided to move away from mySQL to
postgreSQL after reading so many mySQL license issues on this List, it
seemed postgreSQL just made all that headache go away. The only problem was
setting up additional users and their privileges wasn't as straightforward
as it was with mySQL.

Good luck.

On Sat, Nov 26, 2011 at 11:51 PM, Tim Selander <selan...@tkf.att.ne.jp> wrote:

Hi,

I'm beginning to learn how to use <?rev scripts to access mysql databases
on my on-rev.com account.

I am going to allow users to search a catalog, but no uploading and no
data entry or data editing...

What, if any, security problems do I need to consider? mySQL newbie...

Thanks,

Tim Selander
Tokyo, Japan

_______________________________________________
use-livecode mailing list
use-livecode@lists.runrev.com
Please visit this url to subscribe, unsubscribe and manage your
subscription preferences:
http://lists.runrev.com/mailman/listinfo/use-livecode
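
An added example, not part of the original thread or any poster's code: the search-only lookup described above (programs from a given year with a given guest), with the input validated and passed as bound parameters over a read-only connection, analogous to the select-only account Kay describes. Python's sqlite3 stands in for the MySQL/LiveCode stack; the table layout, function names and sample rows are assumptions constructed for illustration.

```python
import re
import sqlite3

# Constructed sample catalog rows (not data from the thread).
ROWS = [
    (1, 1999, "Morning Talk", "鈴木"),
    (2, 1999, "Evening News", "Tanaka"),
    (3, 2003, "Music Hour", "鈴木"),
]

def build_catalog(path):
    """Create the catalog 'behind the scenes' with a writable connection."""
    rw = sqlite3.connect(path)
    rw.execute("CREATE TABLE programs "
               "(id INTEGER PRIMARY KEY, year INTEGER, title TEXT, guest TEXT)")
    rw.executemany("INSERT INTO programs VALUES (?, ?, ?, ?)", ROWS)
    rw.commit()
    rw.close()

def open_public(path):
    """Read-only handle: stands in for the select-only database account."""
    return sqlite3.connect(f"file:{path}?mode=ro", uri=True)

def search(conn, year, guest):
    """Look up programs by year and guest substring using bound parameters."""
    # Validate shape before querying: a 4-digit year, a bounded guest string.
    if not re.fullmatch(r"(19|20)\d\d", year):
        raise ValueError("year must be four digits")
    guest = guest.strip()
    if not 1 <= len(guest) <= 50:
        raise ValueError("guest must be 1-50 characters")
    # Escape LIKE wildcards so '%' or '_' in the input match literally.
    pattern = "%" + re.sub(r"([\\%_])", r"\\\1", guest) + "%"
    # Values travel separately from the SQL text, so quotes in the input
    # are data and cannot change the structure of the statement.
    sql = ("SELECT title FROM programs "
           "WHERE year = ? AND guest LIKE ? ESCAPE '\\' ORDER BY id")
    return [row[0] for row in conn.execute(sql, (int(year), pattern))]
```
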
