Please, be correct.  There are no secure ways to communicate.  Period.

Neither "persistent SQL datastores" nor "websockets" will get you
secure communication.  Nor will SSL, or anything else.

Paranoia is essential in writing communication software.  (Of course,
paranoia is important in writing any software, but in communications,
you can't even trust yourself.)

http://xkcd.com/327/

--David Garfield

Simon Slavin writes:
> 
> On 14 Nov 2011, at 5:53pm, Dotan Cohen wrote:
> 
> > I recommend against formulating the SQL statements in Javascript.
> > Because if I find that page, I _will_ try to inject my own SQL.
> 
> My code on the PHP side executes only the first SQL command.  And
> there's a hash.  But yes, people should be careful with doing things
> like that.
> 
> Unfortunately there are no secure ways to communicate between
> JavaScript and PHP.  Because whatever you do, you're still sending a
> text string from one to another.  You might have a protocol that the
> text string is XML or JSON but when it comes down to it, your hacker
> will figure that out too.  It's a nasty security problem with
> AJAX/SOAP/REST web apps which will be solved only when we all move
> to persistent SQL datastores or to websockets, both of which are in
> HTML5.
> 
> Simon.
> _______________________________________________
> sqlite-users mailing list
> sqlite-users@sqlite.org
> http://sqlite.org:8080/cgi-bin/mailman/listinfo/sqlite-users
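
Added example, not code from either poster: the two server-side designs this thread contrasts, sketched with Python's sqlite3 standing in for the PHP side. The notes table, the operation names and the session_user argument are assumptions made for illustration.

```python
import sqlite3

def make_db():
    # Constructed schema and rows, for the demonstration only.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE notes (id INTEGER PRIMARY KEY, owner TEXT, body TEXT)")
    db.executemany("INSERT INTO notes (owner, body) VALUES (?, ?)",
                   [("alice", "buy milk"), ("bob", "call home")])
    return db

# Pattern under discussion: the browser composes the SQL and the server runs
# only the first statement. A single statement is still whatever the client
# chose to send, so this limits stacked queries and nothing else.
def run_client_sql(db, sql):
    first = sql.split(";")[0]
    return db.execute(first).fetchall()

# Hardened pattern: the client names an operation and supplies values.
# The SQL text exists only on the server and values are bound, not spliced in.
OPERATIONS = {
    "list_notes": ("SELECT id, body FROM notes WHERE owner = :owner", ("owner",)),
    "add_note": ("INSERT INTO notes (owner, body) VALUES (:owner, :body)",
                 ("owner", "body")),
}

def run_operation(db, session_user, request):
    op = request.get("op")
    if op not in OPERATIONS:
        raise ValueError("unknown operation")
    sql, names = OPERATIONS[op]
    args = request.get("args", {})
    # The owner comes from the authenticated session (hypothetical here),
    # never from the request body.
    params = {"owner": session_user}
    for name in names:
        if name == "owner":
            continue
        value = args.get(name)
        if not isinstance(value, str) or len(value) > 1000:
            raise ValueError(f"bad value for {name}")
        params[name] = value
    return db.execute(sql, params).fetchall()
```

With this shape the request is treated as untrusted data throughout: the only things a client can influence are which allow-listed statement runs and the bound values it runs with.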
