


On Wed, Mar 25, 2020 at 6:17 AM Tim Fathers <X700-IX2J@xxxxxxxxxxx> wrote:

> It's exactly for this reason that our web app's logic is behind stored
> procedures, which are the only things that can be called by the application
> server. I think it's asking for trouble if you use the normal way of
> allowing PHP or Node applications free run at the database.


This makes a lot of sense to me. All of my access to the database is through
stored procedures. But the mistake I have made is in storing the stored
procedure in the same library as the data file. Doing it this way is
easier and more straightforward. But it also means the data library is the
database that the PHP code talks to. Meaning, all the stored procedures and
data files in the library/database are open to PHP web code. Much better I
think to have the stored procedure in a standalone library/database. Then
the code of each stored procedure will add the data library to the library
list. This should cut down the attack surface - where PHP code has no
direct access to data files.

-Steve
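
The layout described in the message above, sketched in Db2 for i SQL as an added example (not code from the thread). The names APPDATA, WEBAPI, CUSTOMER, GET_CUSTOMER and WEBUSER are constructed; the procedure qualifies the table and runs under its owner's authority, which is an assumption made here in place of the library-list step.

```sql
-- Added example; every object and profile name below is constructed.
-- Assumption: the script is run by the application owner profile, which
-- owns both libraries. WEBUSER is the profile the PHP connection uses.

-- Data library: tables only, with nothing granted to the web profile.
CREATE SCHEMA APPDATA;

CREATE TABLE APPDATA.CUSTOMER (
  ID    INTEGER      NOT NULL PRIMARY KEY,
  NAME  VARCHAR(60)  NOT NULL,
  EMAIL VARCHAR(120) NOT NULL
);

-- Remove the default public access to the data file.
REVOKE ALL ON TABLE APPDATA.CUSTOMER FROM PUBLIC;

-- Procedure library: the only library the web connection is pointed at.
CREATE SCHEMA WEBAPI;

-- USRPRF = *OWNER makes the procedure run with its owner's authority,
-- so the caller needs no authority of its own to APPDATA.CUSTOMER.
CREATE OR REPLACE PROCEDURE WEBAPI.GET_CUSTOMER (IN P_ID INTEGER)
  LANGUAGE SQL
  READS SQL DATA
  DYNAMIC RESULT SETS 1
  SET OPTION USRPRF = *OWNER, DYNUSRPRF = *OWNER
BEGIN
  -- The parameter is bound as a host variable, never concatenated into
  -- SQL text, so the caller cannot change the shape of the query.
  DECLARE C1 CURSOR WITH RETURN FOR
    SELECT ID, NAME, EMAIL
      FROM APPDATA.CUSTOMER
     WHERE ID = P_ID;
  OPEN C1;
END;

-- The web profile may call this one procedure and nothing else.
REVOKE EXECUTE ON PROCEDURE WEBAPI.GET_CUSTOMER FROM PUBLIC;
GRANT  EXECUTE ON PROCEDURE WEBAPI.GET_CUSTOMER TO WEBUSER;
```

The split only holds if WEBUSER has no special authority such as *ALLOBJ and no private or group authority to APPDATA. Signed on as WEBUSER, CALL WEBAPI.GET_CUSTOMER(1) is the intended path, and a direct SELECT against APPDATA.CUSTOMER is what the revoked authority is meant to refuse.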





This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page.
