Re: [NF] Web code safety, was Storing code in tables
Kenneth Kixmoeller/fh wrote: On Feb 6, 2007, at 11:43 AM, Fletcher Johnson wrote: Certainly, if the code is in a table, it is subject to modification (potentially malicious), Thank you for your thoughts, Fletcher. Regardless of my application construction, this is something that I am wondering about. Maybe somebody can help me understand. It may seem hopelessly naive, but from my reading, it seems like: 1. If your data are off of the web tree, and 2. You have robust protection against SQL injection Your data should be protected. Am I wrong? How else would anyone get to your data? Similarly, if you don't have any SQL in code that is in your Web tree that should be *relatively* safe. All data in user-interface is called data object functions, and those are off of the web tree, too. Again, am I wrong, or is this understanding too simplistic? Ken You might also have a field with some kind of coded checksum, so your program would notice if the code has been tampered with. ___ Post Messages to: ProFox@leafe.com Subscription Maintenance: http://leafe.com/mailman/listinfo/profox OT-free version of this list: http://leafe.com/mailman/listinfo/profoxtech ** All postings, unless explicitly stated otherwise, are the opinions of the author, and do not constitute legal or medical advice. This statement is added to the messages for those lawyers who are too stupid to see the obvious.
Re: [NF] Web code safety, was Storing code in tables
On Feb 7, 2007, at 9:22 AM, Ricardo Aráoz wrote: You might also have a field with some kind of coded checksum, so your program would notice if the code has been tampered with. Thanks -- good idea. Ken ___ Post Messages to: ProFox@leafe.com Subscription Maintenance: http://leafe.com/mailman/listinfo/profox OT-free version of this list: http://leafe.com/mailman/listinfo/profoxtech ** All postings, unless explicitly stated otherwise, are the opinions of the author, and do not constitute legal or medical advice. This statement is added to the messages for those lawyers who are too stupid to see the obvious.
[NF] Web code safety, was Storing code in tables
On Feb 6, 2007, at 11:43 AM, Fletcher Johnson wrote: Certainly, if the code is in a table, it is subject to modification (potentially malicious), Thank you for your thoughts, Fletcher. Regardless of my application construction, this is something that I am wondering about. Maybe somebody can help me understand. It may seem hopelessly naive, but from my reading, it seems like: 1. If your data are off of the web tree, and 2. You have robust protection against SQL injection Your data should be protected. Am I wrong? How else would anyone get to your data? Similarly, if you don't have any SQL in code that is in your Web tree that should be *relatively* safe. All data in user-interface is called data object functions, and those are off of the web tree, too. Again, am I wrong, or is this understanding too simplistic? Ken ___ Post Messages to: ProFox@leafe.com Subscription Maintenance: http://leafe.com/mailman/listinfo/profox OT-free version of this list: http://leafe.com/mailman/listinfo/profoxtech ** All postings, unless explicitly stated otherwise, are the opinions of the author, and do not constitute legal or medical advice. This statement is added to the messages for those lawyers who are too stupid to see the obvious.