Re: [PHP] security flaw?

Marek Kilimajer Wed, 02 Apr 2003 03:36:48 -0800

It should not be too difficult to change the delphi utility to post a sql or csv file to a php script, in the script you can check the sql commands and then execute them or parse the csv file respectively. The password is not really hidden, maybe it is not even scrambled in the binary, and can be seen by sniffing the connection anyway.

Edward Peloke wrote:

Hello all,

As part of my website, I need to allow the users to upload data from an
access db to my mysql db.  This is all done with a small delphi utility by
way of odbc.  The problem is, my webhost will only allow me to have one user
set up for the db so when I set up the odbc connection for the client (by
way of an install), I have to set up the main username to the db and the
main password.  When I go back into odbc, the password appears to be hidden
from the user but is it really?  How can I give them access into this table
without such a security risk?

Thanks,
Eddie

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] security flaw?

Reply via email to