nah!
what difference does it make?
I mean, if they guy gets access to your DB server then he's gonna find out
the fieldnames anyway!
If he can't get access to your DB then what has he got?, a few POSSIBLE DB
field names (i mean, how does HE know the names are real?) for him to
attempt to recreate fragments of the data model.... pah! best of luck...
joel
-----Original Message-----
From: Michael R. Fahey [mailto:[EMAIL PROTECTED]]
Sent: 31 August 2001 13:33
To: [EMAIL PROTECTED]
Subject: Is it a security risk to use identical names for database fields
and html forms?
Hi,
I was looking at a perl script where the developer used different names
for the incoming parameters and the database field names. He told me
that this was done for security reasons-- to ensure that malicious users
would not be able to discover the field names in the database being
updated or queried. How dangerous is this? I think it would be easier to
work with a hash of parameters from the input form.
I'm using cg.pm, DBI, and postgresql.
Thanks.
Michael Fahey
--
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
_________________________________________________________
Do You Yahoo!?
Get your free @yahoo.com address at http://mail.yahoo.com
--
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
