From: "Derek Fountain" <[EMAIL PROTECTED]>

> [snip discussion about encrypting data]

> Indeed, but I'm still interested in the general answer. The server I have been
> looking at was hopelessly insecure and SQL injection is only one of its
> problems. There were several other ways in! Assume, for example, an attacker
> can write his own script directly into the website document tree. In this
> case prepared queries don't help protect what's in the database. The attacker
> can use them himself if he likes!

For encrypted data to be usable by the website, the keys must be available
to it, either in the database or in the scripts themselves. If the attacker
can write his own scripts into the document tree, these keys will be
available to him as well.

gnari



