Thanks Dave. I think it's beginning to sink in. In answer to your question, I never trust my users!
On Thu, Aug 13, 2015 at 4:17 PM Dave Cragg <dcr...@lacscentre.co.uk> wrote:

>
> > On 13 Aug 2015, at 23:56, Peter Haworth <p...@lcsql.com> wrote:
> >
> > Thanks Dave. That's good info.
> >
> > My questions are specifically related to MySQL which is able to accept
> > remote connections by design.
>
> Sorry if I wasn't clear. I was suggesting that it's generally a bad idea
> to allow remote connections. This would allow brute force attacks.
> (Guessing user names and passwords)
>
> >
> > I see your point about passing the credentials but, as mentioned to Bill,
> > doesn't opening the database connection using SSL take care of that? Same
> > for your point 3.
>
> It wasn't so much the passing of credentials, but how to keep the
> credentials private. I was imagining a case where the same credentials were
> shared by all instances of your application. How are they stored in the
> application? Can a user discover them? If so, the user can access the
> database directly using the command line or a MySQL utility application
> (e.g. Navicat) and bypass any sanitizing used by your application. Do you
> trust your users? :-)
>
> >
> > I also see your point about the need to update credentials on each client.
> > Don't have a follow up on that one :-)
> >
> > I do like the idea of only a single connection to the db from the server
> > side script. But don't you then start getting into multiple thread issues
> > for performance reasons?
>
> I've never really thought about that. I've never experienced such a
> problem.
>
> >
> > Once again, just trying to understand all the implications before going
> > down the wrong path.
>
> A good idea. It's also let me review why I set things up the way I do.
_______________________________________________
use-livecode mailing list
use-livecode@lists.runrev.com
Please visit this url to subscribe, unsubscribe and manage your subscription preferences:
http://lists.runrev.com/mailman/listinfo/use-livecode
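
The account-level side of the points raised in this thread (remote connections, one credential shared by every client, SSL), as an added example that is not part of the original messages. The account names, the `appdb.orders` table, the address `203.0.113.10` and the passwords are constructed placeholders, and `FAILED_LOGIN_ATTEMPTS` assumes MySQL 8.0.19 or later; run it against a test server.

```sql
-- 1. Audit: which accounts can log in from somewhere other than the server itself,
--    and do they require TLS? (ssl_type is empty when TLS is not enforced.)
SELECT user, host, ssl_type
FROM mysql.user
WHERE host NOT IN ('localhost', '127.0.0.1', '::1');

-- Which interface is the server listening on? '*' or '0.0.0.0' means all of them.
SELECT @@bind_address;

-- 2. The pattern the thread warns about: one account, usable from any host,
--    with its password shipped inside every copy of the desktop application.
CREATE USER 'desktop_app'@'%' IDENTIFIED BY 'PLACEHOLDER_shared_password';
GRANT ALL PRIVILEGES ON appdb.* TO 'desktop_app'@'%';
-- REQUIRE SSL would protect this password on the wire, but anyone who extracts it
-- from the application can still connect with a MySQL client and skip the
-- application's input sanitizing entirely.

-- 3. Replacement: remove the shared remote account ...
DROP USER 'desktop_app'@'%';

-- ... and let only the server-side script talk to the database, over the local
-- socket, with just the statements it needs on just the tables it needs.
CREATE USER 'web_api'@'localhost' IDENTIFIED BY 'PLACEHOLDER_server_only_password';
GRANT SELECT, INSERT, UPDATE ON appdb.orders TO 'web_api'@'localhost';

-- 4. If one remote account is unavoidable (for example an administrator's
--    workstation), pin it to a single address, enforce TLS, and lock the account
--    for a day after five failed logins to blunt password guessing.
CREATE USER 'remote_admin'@'203.0.113.10'
  IDENTIFIED BY 'PLACEHOLDER_admin_password'
  REQUIRE SSL
  FAILED_LOGIN_ATTEMPTS 5 PASSWORD_LOCK_TIME 1;
GRANT SELECT ON appdb.* TO 'remote_admin'@'203.0.113.10';

-- 5. Verify the result.
SHOW GRANTS FOR 'web_api'@'localhost';
SHOW GRANTS FOR 'remote_admin'@'203.0.113.10';
```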