On Sat, Apr 11, 2015 at 8:41 AM, Dr. Hawkins <[email protected]> wrote:
> But they would need the encryption key, too. > > mySQL *can* be set to take only secure connections, can't it? Postgres > can, but runrev inexplicably hasn't seen fit to add the line of code to > allow this connection to be made; only for mySQL > > > > Even more scary is how hackers can get into a system using a "I forgot my > > password" form with SQL injection, lots of examples on the web. > > > > But https solves that, doesn't it? > At Dreamhost, mySQL security is determined by the connecting IP number, if that's a help. If it's not coming from your IP, no access. Of course somebody will have to maintain the IPs at the webhost, and that may not be practical for a distribution. -- Stephen Barncard - Sebastopol Ca. USA - Deeds Not Words _______________________________________________ use-livecode mailing list [email protected] Please visit this url to subscribe, unsubscribe and manage your subscription preferences: http://lists.runrev.com/mailman/listinfo/use-livecode
