
Re: SQL configurations in automated testing "A bit OT"

by Gavin (Archbishop)
on Nov 21, 2007 at 20:37 UTC


in reply to SQL configurations in automated testing

Nice post ++ and a great test idea which I’m afraid I can’t help you with but am sure others can and will.

But as a side issue I would be interested in your and other Monks' opinion regarding the security vulnerabilities (Cross-Site Scripting, Injection etc.) in the various variations of SQL "Postgres, MySQL, SQLite etc." when used for a web application and which would be first choice for security and ease of use.

Replies are listed 'Best First'.
Re^2: SQL configurations in automated testing "A bit OT"
by dragonchild (Archbishop) on Nov 21, 2007 at 21:27 UTC
    Your choice of data storage has no relationship with your vulnerability to XSS. The only vulnerability you really care about (from a programming perspective) when picking an RDBMS is SQL Injection, and that's solved by DBI. Anything else is the purview of your DBA (you do have one, right?) and your sysadmin (you do have one of those, too, right?).

    My criteria for good software:
    1. Does it work?
    2. Can someone else come in, make a change, and be reasonably certain no bugs were introduced?
      Like they said. Run your program in Taint mode and use placeholders in queries. That should hit most of your worries.

       

      -justin simoni
      skazat me
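
The placeholder advice from the replies above, as an added example that is not code from the thread: the same lookup written with string interpolation and with a DBI `?` placeholder. It assumes DBI and DBD::SQLite are installed; the table, rows, input string and function names are constructed for illustration, and taint mode is not shown.

```perl
#!/usr/bin/perl
# Added example, not code from the thread. Assumes DBI and DBD::SQLite are
# installed; the table, rows and input string are constructed for illustration.
use strict;
use warnings;
use DBI;

my $dbh = DBI->connect('dbi:SQLite:dbname=:memory:', '', '',
    { RaiseError => 1, PrintError => 0, AutoCommit => 1 });

$dbh->do('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, role TEXT)');
my $ins = $dbh->prepare('INSERT INTO users (name, role) VALUES (?, ?)');
$ins->execute(@$_) for (['alice', 'admin'], ['bob', 'user'], ["o'brien", 'user']);

# Constructed form input: a value that tries to change the WHERE clause.
my $input = q{nobody' OR '1'='1};

# Before: interpolation lets the quote inside $name end the string literal,
# so the rest of the value is parsed as SQL.
sub lookup_interpolated {
    my ($name) = @_;
    return $dbh->selectcol_arrayref(
        "SELECT name FROM users WHERE name = '$name'");
}

# After: the ? placeholder passes the value as data, never as SQL text.
sub lookup_placeholder {
    my ($name) = @_;
    return $dbh->selectcol_arrayref(
        'SELECT name FROM users WHERE name = ?', undef, $name);
}

printf "interpolated, hostile input: %d row(s)\n",
    scalar @{ lookup_interpolated($input) };
printf "placeholder, hostile input:  %d row(s)\n",
    scalar @{ lookup_placeholder($input) };

# A legitimate name containing a quote is handled by the placeholder ...
printf "placeholder, o'brien:        %d row(s)\n",
    scalar @{ lookup_placeholder("o'brien") };

# ... while the interpolated form produces broken SQL (RaiseError dies).
my $ok = eval { lookup_interpolated("o'brien"); 1 };
print "interpolated, o'brien:       ", ($ok ? "ok" : "SQL error"), "\n";
```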
