Dave, Thanks for the clarifications.
I'm changing my app over to server side middleware using LC server and opening one local connection to the MySQL DB. My client/server model..... 1) The LC server script has the DB username/password and no one can see that. That protects the DB. 2) LC scripts are not in the public_html folder tree. This keeps away prying eyes. 3) The client uses https requests. I am assuming that the URL itself is encrypted so any of the commands to my web service can't be sniffed. 4) All web service requests need a password parameter in the URL parameters. This keeps anyone from issuing commands to the web service. Am I missing anything security wise here? Does this model eliminate the need for parameterized queries? Can I send SQL from the client and be safe or do I need to set up some only known to me data structure for DB requests? Ralph DiMola IT Director Evergreen Information Services rdim...@evergreeninfo.net _______________________________________________ use-livecode mailing list use-livecode@lists.runrev.com Please visit this url to subscribe, unsubscribe and manage your subscription preferences: http://lists.runrev.com/mailman/listinfo/use-livecode
