On Sat, Apr 11, 2015 at 8:27 AM, Peter Haworth <[email protected]> wrote:
> SQL injection attacks alter the SQL statements sent by a valid user so the > attacker doesn't need to know a username/password. > But they would need the encryption key, too. mySQL *can* be set to take only secure connections, can't it? Postgres can, but runrev inexplicably hasn't seen fit to add the line of code to allow this connection to be made; only for mySQL > Even more scary is how hackers can get into a system using a "I forgot my > password" form with SQL injection, lots of examples on the web. > But https solves that, doesn't it? -- Dr. Richard E. Hawkins, Esq. (702) 508-8462 _______________________________________________ use-livecode mailing list [email protected] Please visit this url to subscribe, unsubscribe and manage your subscription preferences: http://lists.runrev.com/mailman/listinfo/use-livecode
