I think safety is over rated on some places. It all depends on the sensitiveness of the information you are storing. If this is a simple "Cooking Recipes Website" then using standard security polices will be enough. If you're building your first web enabled livecode based nuclear reactor then you might want something more robust.
If you decide to go with a remote connection, then edit the user that is able to connect and strip him of all the priviledges he do not need. Allow him to query the necessary tables and only that. Keep him away from schemas and other reflections. A cool (and theoretical since I never implemented it) and somewhat automatic way for authentication to work is to use a ticket like this: 1) There is an authentication irev file which will only serve thru a SSL connection. This file will receive a post call from the desktop client and check if it is allowed to connect to the database, if it is so, then it will answer back with a login/password combination to the client. 2) the client use the login/password combination from step 1 to connect to the database. If connection breaks or expires, do step 1 again. This login/pass combination can be generated at runtime and using cron you can expire those credentials as you see fit. Think about it as some banks generate Online VISA numbers good for one transaction only. You are generating readonly access user credentials on demand, if any of your credentials is compromissed the hacker will not have access to anything since you took out all priviledges for that user and even so, after some time, that user will expire and the login/pass combo will be useless. :-P (I never implemented this, I just though out of the blue how to give remote access with some modest security that would not need code changes to replace login credentials if the given logins were compromised) _______________________________________________ use-revolution mailing list use-revolution@lists.runrev.com Please visit this url to subscribe, unsubscribe and manage your subscription preferences: http://lists.runrev.com/mailman/listinfo/use-revolution