Beefy Boxes and Bandwidth Generously Provided by pair Networks
Think about Loose Coupling

Re: Use placeholders. For SECURITY!

by mpeppler (Vicar)
on Nov 14, 2003 at 01:00 UTC ( #306987=note: print w/replies, xml ) Need Help??

in reply to Use placeholders. For SECURITY!

Absolutely. The alternative at the database level can be to force all access via stored procedures, but even that doesn't necessarily protect you against this sort of problem.

At one client we have set up a fairly elaborate security system where the front end servers hit a middle ware layer on a different server with a request that includes a service name and an MD5 key for that service, which gets validated in the database before the service is allowed to run. This should prevent unauthorized hosts from connecting to the database directly, and from attempting to execute unauthorized database requests (I say "should" because we all know that all software has bugs...). It costs us in terms of performance (for each database request there are multiple round-trips to the database to validate the request, etc.), but preserving the integritiy of our data is essential.


Log In?

What's my password?
Create A New User
Node Status?
node history
Node Type: note [id://306987]
and all is quiet...

How do I use this? | Other CB clients
Other Users?
Others wandering the Monastery: (3)
As of 2018-05-26 20:37 GMT
Find Nodes?
    Voting Booth?