Kenneth Kixmoeller/fh wrote: > On Feb 6, 2007, at 11:43 AM, Fletcher Johnson wrote: > >> Certainly, if the code is in a table, it is >> subject to modification (potentially malicious), > > Thank you for your thoughts, Fletcher. > > Regardless of my application construction, this is something that I > am wondering about. Maybe somebody can help me understand. It may > seem hopelessly naive, but from my reading, it seems like: > > 1. If your data are off of the web tree, and > 2. You have robust protection against SQL injection > > Your data should be protected. Am I wrong? How else would anyone get > to your data? > > Similarly, if you don't have any SQL in code that is in your Web tree > that should be *relatively* safe. All data in user-interface is > called data object functions, and those are off of the web tree, too. > > Again, am I wrong, or is this understanding too simplistic? > > Ken > >
You might also have a field with some kind of coded checksum, so your program would notice if the code has been tampered with. _______________________________________________ Post Messages to: ProFox@leafe.com Subscription Maintenance: http://leafe.com/mailman/listinfo/profox OT-free version of this list: http://leafe.com/mailman/listinfo/profoxtech ** All postings, unless explicitly stated otherwise, are the opinions of the author, and do not constitute legal or medical advice. This statement is added to the messages for those lawyers who are too stupid to see the obvious.
