My two cents: Many valuable suggestions in this thread on front ends, serving static files, etc.
I'd bet most of the auditors are searching for things like SQL injection attacks. They probably won't be able to find any of those on a 4D web server and most won't know enough about 4D to craft similar attacks. However, ... Someone knowledgeable in 4D (a _very_ small set of people compared to those who are conversant in SQL) might be able to form similar injection-style attacks on a given codebase. At the least, with any use of PHP, you should parameterize, type check, and sanity check any input from forms, web services, and suchlike.

Tom Swenson

