On Tue, Oct 4, 2011 at 6:07 PM, Jeremiah Dodds <jeremiah.do...@gmail.com>wrote:

> On Tue, Oct 4, 2011 at 7:51 PM, Stuart Dallas <stu...@3ft9.com> wrote:
> >  As for the overhead I very much doubt there's much difference between
> that and the overhead of prepared statements.
> Probably not. As an aside, I'm really struggling to find a case where
> it'd be worth base64-encoding the queries like that unless you were
> both concerned about someone sniffing your queries over the wire and
> sure that they wouldn't think to base-64 decode them. Not to mention
> that if your grand idea to prevent eavesdropping is simple transforms,

If that's the case, then SSL would be a better solution since it also
protects the authentication process.  In then end, I still don't see base64
as a viable solution.

> you've got a larger problem on your hands.
> It *will* work, as mysql's base64 decoder won't evaluate the decoded
> string as a statement, afaik, but it will also expand the size of
> stuff by around 30% while having a, imo, much better solution widely
> available.

Reply via email to