Dealing with "n-tiers" security tasks isn't that hard and has more to do with 
design than with pure technical tasks.

Here could be the main principles:

1.- the client app is used by a trustable user connected via login:pass and/or 
a session token that identifies the client application to the cgi/server
2.- the cgi/server just can't hear any untrusted connection (no token = exit to 
top)
3.- as long as the cgi/server receives a trustable POST/GET request, a 
"key-value" pair lets the cgi/server know what kind of SQL request to build and 
provide to the SQL server (the SQL request doesn't come from the client app over 
the internet connection). At this point, an SQL lib like SQLYoga can help to see 
how to go ahead, even if all the needed functions/commands/messages are available 
from the standard Rev-Server and LC-Server (4.62/5.02)
4.- the SQL stuff is handled there and the response to the client POST/GET 
request is returned to the right sender (as pure unfishible data by anyone who 
would want to boomerang them against the server).

This kind of security design is the one to prefer in any SaaS services context. 
It can become by itself so rock solid that even SSL will not be able to add a 
useful security layer to a well-built n-tiers two levels strong authentication 
system. Last but not least, LC is really very strong and usable in this kind 
of task.

PS: Any server connected to the public internet has to deal (on average) 
for 7/12 months / year with cracking robots trying to get hold of them --> 
both server and server-hosted application security really matters...

On 18 August 2012 at 07:12, Dr. Hawkins wrote:

> On Fri, Aug 17, 2012 at 8:14 PM, Peter Haworth <p...@lcsql.com> wrote:
>> The issue isn't less likely, you just have to be less smart than the
>> hackers who know how to hack into this stuff, and most of us are :-)
> 
> Yeah, that's what worries me.
> 
> I don't see how an intermediary layer that I or someone else writes
> increases security.
> 
> I *can* see how it increases deniability for the  host, though :)
> 
> -- 
> The Hawkins Law Firm
> Richard E. Hawkins, Esq.
> (702) 508-8462
> hawkinslawf...@gmail.com
> 3025 S. Maryland Parkway
> Suite A
> Las Vegas, NV  89109
> 
> _______________________________________________
> use-livecode mailing list
> use-livecode@lists.runrev.com
> Please visit this url to subscribe, unsubscribe and manage your subscription 
> preferences:
> http://lists.runrev.com/mailman/listinfo/use-livecode

--
Pierre Sahores
mobile : 06 03 95 77 70
www.sahores-conseil.com
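
The four points listed in the message above, sketched as an added example that is not part of the original post or of any LiveCode library. It is written in Python with sqlite3 standing in for the SQL server; every name in it (QUERIES, issue_token, handle_request, the table layout, the HMAC token format without expiry) is an assumption made for illustration.

```python
import hashlib
import hmac
import sqlite3

SERVER_KEY = b"constructed-demo-key"  # assumption: secret known only to the server

# Server-side allowlist: the client names an action, the SQL text never crosses the network.
QUERIES = {
    "customer_by_id": ("SELECT id, name FROM customers WHERE id = ?", ("id",)),
    "orders_for_customer": (
        "SELECT id, total FROM orders WHERE customer_id = ? ORDER BY id", ("id",)),
}

def issue_token(user):
    """Session token handed out after a successful login (the login step is not shown)."""
    mac = hmac.new(SERVER_KEY, user.encode(), hashlib.sha256).hexdigest()
    return f"{user}:{mac}"

def token_is_valid(token):
    user, _, mac = (token or "").partition(":")
    expected = hmac.new(SERVER_KEY, user.encode(), hashlib.sha256).hexdigest()
    return bool(user) and hmac.compare_digest(mac.encode(), expected.encode())

def handle_request(db, params):
    """params: the decoded key-value pairs of one POST/GET request."""
    if not token_is_valid(params.get("token")):
        return {"status": 403, "rows": []}      # point 2: no token, no service
    entry = QUERIES.get(params.get("action"))
    if entry is None:
        return {"status": 400, "rows": []}      # unknown key: no SQL is built
    sql, names = entry
    try:
        args = [int(params[n]) for n in names]  # values are typed, then bound
    except (KeyError, ValueError):
        return {"status": 400, "rows": []}
    return {"status": 200, "rows": db.execute(sql, args).fetchall()}

def demo_db():
    """Constructed sample data."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE customers(id INTEGER PRIMARY KEY, name TEXT);
        CREATE TABLE orders(id INTEGER PRIMARY KEY, customer_id INTEGER, total REAL);
        INSERT INTO customers VALUES (1, 'Alice'), (2, 'Bob');
        INSERT INTO orders VALUES (10, 1, 25.0), (11, 1, 40.0), (12, 2, 9.5);
    """)
    return db
```
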

