In general it is not advised to directly connect to databases over the Internet and it is considered better practice to front your db access through an http interface (which you could equally well implement in LC server running and connecting locally to the db on the server).
One reason to do this is that it helps separate the db from the API used to access it. This reduces the 'surface area of attack' to just the specific HTTP API you develop for your client to connect to. It also means you can separate the API from the DB scheme, making it easier to evolve, maintain and update. Another reason (which is perhaps getting slightly less important as tech evolves) is that public wifi access points can restrict which ports you can access with some only allowing mail and web service access. As MySQL and other services will run on other ports to these, they would be inaccessible in some locations. If this is an application running on a local network which can be secured itself the main reason would just be structure - ie the separation of the backend storage implementation from the API clients vector through to perform their functions. Mark. Sent from my iPhone > On 13 Aug 2015, at 18:16, Peter Haworth <p...@lcsql.com> wrote: > > What are the pluses and minuses you get from using php as a middleman to > access a mySQL database on a server versus accessing the mySQL database > directly from LC? > > Web sources typically mention two main benefits: php runs on any platform, > and it's easier to create dynamic web pages. I think the first one really > has to do with using php over any other server side language rather than > direct vs indirect db access. > > So assuming I have a Livecode application that does not generate dynamic > web pages, what other reasons might there be to use php (or not)? And if I > do use php, how do I protect against sql injection attacks? > _______________________________________________ > use-livecode mailing list > use-livecode@lists.runrev.com > Please visit this url to subscribe, unsubscribe and manage your subscription > preferences: > http://lists.runrev.com/mailman/listinfo/use-livecode _______________________________________________ use-livecode mailing list use-livecode@lists.runrev.com Please visit this url to subscribe, unsubscribe and manage your subscription preferences: http://lists.runrev.com/mailman/listinfo/use-livecode
