comprehensive list: https://www.owasp.org/index.php/Top_10_2010-Main
the top two entries should be understood at least on a basic level:
http://en.wikipedia.org/wiki/SQL_injection
http://en.wikipedia.org/wiki/Cross-site_scripting

Obviously some things do not apply to Rev-based code, but for example sql injections can happen, depending on how you code them, if you validate user inputs wrongly, and so on. It's a vast topic, and the easiest way to deal with it is to trust someone else to code properly, so RevIgniter might be the right thing to learn.

On 26 Nov 2011, at 16:51, Tim Selander wrote:

> Hi,
>
> I'm beginning to learn how to use <?rev scripts to access mysql databases on
> my on-rev.com account.
> I am going to allow users to search a catalog, but no uploading and no data
> entry or data editing...
> What, if any, security problems do I need to consider? mySQL newbie...
>
> Thanks,
>
> Tim Selander
> Tokyo, Japan

--
Watch live presentations every Saturday: http://livecode.tv
Use an alternative Dictionary viewer: http://bjoernke.com/bvgdocu/
Chat with other RunRev developers: http://bjoernke.com/chatrev/
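An added example, not part of the original thread: a read-only catalog search written first with string concatenation and then with a bound parameter. It uses Python and an in-memory SQLite database as stand-ins for a Rev script and MySQL; the table, column and function names are hypothetical and the sample rows are constructed.

```python
import sqlite3

def make_catalog():
    """Constructed sample data standing in for the MySQL catalog table."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE catalog (id INTEGER PRIMARY KEY, title TEXT)")
    db.executemany(
        "INSERT INTO catalog (title) VALUES (?)",
        [("O'Reilly Pocket Guide",), ("100% Cotton Shirt",),
         ("Cotton Socks",), ("Wool Hat",)],
    )
    return db

def search_unsafe(db, term):
    # Before: the user's text is pasted into the SQL string, so a quote in
    # the input is parsed as SQL syntax instead of as data.
    sql = "SELECT title FROM catalog WHERE title LIKE '%" + term + "%' ORDER BY id"
    return [row[0] for row in db.execute(sql)]

def escape_like(term, esc="\\"):
    # % and _ are LIKE wildcards; escape them so they only match themselves.
    return term.replace(esc, esc + esc).replace("%", esc + "%").replace("_", esc + "_")

def search_safe(db, term, max_len=64):
    # After: validate the input, then bind it as a parameter so the database
    # never interprets it as part of the statement.
    if not isinstance(term, str) or not 0 < len(term) <= max_len:
        raise ValueError("search term must be 1..%d characters" % max_len)
    pattern = "%" + escape_like(term) + "%"
    sql = "SELECT title FROM catalog WHERE title LIKE ? ESCAPE '\\' ORDER BY id"
    return [row[0] for row in db.execute(sql, (pattern,))]

if __name__ == "__main__":
    db = make_catalog()
    for term in ["cotton", "O'Reilly", "%"]:
        try:
            unsafe = search_unsafe(db, term)
        except sqlite3.OperationalError as exc:
            unsafe = "query broke: %s" % exc
        print(repr(term), "| unsafe:", unsafe, "| safe:", search_safe(db, term))
```

Even an ordinary surname with an apostrophe changes the concatenated statement, which is the same defect SQL injection relies on; the bound version returns the matching row.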