Bob Sneidar wrote: > I am not using a web server for this, I am communicating directly > with the SQL server. I understand that most people regard this as > a major no-no, but the information being stored is not confidential, > just names and addresses along with copier and network information.
If it's on an intranet not connected to the wild west of the Internet it's probably fine.
But if it is exposed to the Internet (read "networks of international crime rings who've hired hundreds of engineers with 160+ IQs and have vast botnets at their disposal), reads are the least of your concerns. More chilling is the prospect of writes.
MySQL is very powerful. Pwnership of the machine - and possibly anything that connects to it - is a risk.
In most cases no one wants our data. What they're often after is more nodes for their botnets that they can rent to their underworld clients.
I'm no security expert, which is why I tend to be cautious. But the security consultants in my local Linux user group are downright paranoid, so maybe caution's not a bad thing. :)
LC Server does take a bit of learning, but the convenience it provides for not just this project but many others can make it well worth taking one step back for the three steps forward it'll help deliver.
-- Richard Gaskin Fourth World Systems Software Design and Development for the Desktop, Mobile, and the Web ____________________________________________________________________ ambassa...@fourthworld.com http://www.FourthWorld.com _______________________________________________ use-livecode mailing list use-livecode@lists.runrev.com Please visit this url to subscribe, unsubscribe and manage your subscription preferences: http://lists.runrev.com/mailman/listinfo/use-livecode
