Hi, I guess I'm not understanding this part of you dilemma. Maybe your methodology needs to be addressed? Personally I design my sites so that only non essential data is passed using POST or GET, so that any change in the POST or GET that is not expected results in an error or simply the display of something, article or product, other than what they would have received otherwise.
Since you don't give use the site, which good. What exploit would be able to be targeted to your site by manally running your script from my site, assuming I knew the taxonomy of your DB and script vars? Sincerely, Mike -- Mike Brandonisio * Web Hosting Tech One Illustration * Internet Marketing tel (630) 759-9283 * e-Commerce [EMAIL PROTECTED] * http://www.jikometrix.net JIKOmetrix - Reliable web hosting On Jun 29, 2006, at 7:00 PM, J Siegel wrote: > Certainly this is something that is needed. I can't be the only one > with a database accessed through php who doesn't want anyone to just > make their own accesses to it. Without some type of protection, > anyone could write a simple script to download my entire database. ------------------------ Yahoo! Groups Sponsor --------------------~--> Yahoo! Groups gets a make over. See the new email design. http://us.click.yahoo.com/XISQkA/lOaOAA/yQLSAA/CefplB/TM --------------------------------------------------------------------~-> The php_mysql group is dedicated to learn more about the PHP/MySQL web database possibilities through group learning. Yahoo! Groups Links <*> To visit your group on the web, go to: http://groups.yahoo.com/group/php_mysql/ <*> To unsubscribe from this group, send an email to: [EMAIL PROTECTED] <*> Your use of Yahoo! Groups is subject to: http://docs.yahoo.com/info/terms/
