Search found 8 matches
- Thu May 17, 2012 9:00 am
- Forum: Databases
- Topic: LiveCode security
- Replies: 19
- Views: 14215
Re: LiveCode security
Hi, yes obviously, but i'm thinking always as a login form, which the user can insert text and symbols if he wants. This is the worst case i think. By the way i think that with sql injection we are done. And what about database connections? I read that when trying to open databases, we can add a par...
- Wed May 16, 2012 11:19 pm
- Forum: Databases
- Topic: LiveCode security
- Replies: 19
- Views: 14215
Re: LiveCode security
Yes, sure. Just like: replace "'" with "\'" in myDataToQuery. I think that this one prevents the 90% of the sql injection attacks. it could be used for quotes, semi colon, ecc.. I think this is the best way from preventing us.
Regards
Edoardo
Regards
Edoardo
- Wed May 16, 2012 10:59 pm
- Forum: Databases
- Topic: LiveCode security
- Replies: 19
- Views: 14215
Re: LiveCode security
Here i am, I've read everything. Let's say that the article with the rsa and aes discussions was VERY useful. Exactly what i needed :) Anyway, it seems that there are no way to prevent from an SQL-injection attack. We can not(i think) manipulate user's inputs, since (as mentioned) there could be quo...
- Mon May 14, 2012 1:57 pm
- Forum: Databases
- Topic: LiveCode security
- Replies: 19
- Views: 14215
Re: LiveCode security
Thank you very much for your answers! They are very useful(Even the one of FourthWorld ;) )!! Once i will have the time i will read the one posted by igor (Thank you very much). So, as i see, the best way of keep apps protected is to manage user inputs, even from sql injection and cross site scripti...
- Sun May 13, 2012 11:58 pm
- Forum: Databases
- Topic: LiveCode security
- Replies: 19
- Views: 14215
Re: LiveCode security
Ok but this does not involve LiveCode. If i have a LiveCode app server which accept sockets and db connections, and all goes in plain text, the only way to hide everything is to encrypt before let it pass, and decrypt on server side, am i right? Or there are other ways? Another example is: How to ge...
- Sun May 13, 2012 11:41 pm
- Forum: Databases
- Topic: LiveCode security
- Replies: 19
- Views: 14215
Re: LiveCode security
Yes, if the db is local on the machine the only way to make it secure is by having a strong password and all of other things you mentioned. Other point of view: For example if i want to save my data on files, is there a way to encrypt them? If the db is not local: a cooworker of mine, told me that w...
- Sun May 13, 2012 6:10 pm
- Forum: Databases
- Topic: LiveCode security
- Replies: 19
- Views: 14215
Re: LiveCode security
Thanks for your answer. Think of this: I have an application which works with a LOCAL database. In this database there is a table which describe every account for my app: Username,password,adrress,name, surname ecc ecc.. What would you do to make it the more secure you can? The only thing that comes...
- Sun May 13, 2012 2:27 pm
- Forum: Databases
- Topic: LiveCode security
- Replies: 19
- Views: 14215
LiveCode security
Hi all, i'm new in this forum and i think it's time to ask you something. I decided to use LiveCode as the argument of my thesis and i have been asked to focus on security/privacy of data. I'm trying to find all the functions and ways that LiveCode uses for keep our private data from beeing discover...