Thread: Who uses sql and how?
rambo
2010-10-27, 19:32
Posts: 540 | Thanked: 288 times | Joined on Sep 2009
#6
Do not access the SQL directly; there is no need, and it adds complexity and dependencies to your app.
Use https to access the web frontend, and at the very least use a hash to verify the POSTs, for example:
name=Foobar
score=3489437
md5=<md5 of name, score and a secret string known to the app and the server>
Of course, for open source software the secret isn't one for much longer (and https protects just from casual network sniffing), and disassembly is always possible.
This is actually a pretty hard problem to solve, supposing the attackers have resources and interest to throw at it.
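A server-side sketch of the check described in the post above, added here as an example and not rambo's code: `md5_tag` is one reading of the post's scheme (plain concatenation is an assumption), and `hmac_tag`/`verify_post` show an assumed hardening with HMAC-SHA256, a length-prefixed name and a constant-time comparison. The `mac` field name, the function names and the secret value are all hypothetical.

```python
import hashlib
import hmac

# Constructed placeholder; the same value would be built into the app and the server.
SECRET = b"constructed-example-secret"


def md5_tag(name: str, score: int, secret: bytes = SECRET) -> str:
    """The post's scheme, read as md5(name + score + secret) (order is an assumption)."""
    return hashlib.md5(name.encode("utf-8") + str(score).encode("ascii") + secret).hexdigest()


def _canonical(name: str, score: int) -> bytes:
    """Length-prefix the name so bytes cannot shift between the name and score fields."""
    raw = name.encode("utf-8")
    return len(raw).to_bytes(4, "big") + raw + str(score).encode("ascii")


def hmac_tag(name: str, score: int, secret: bytes = SECRET) -> str:
    """Assumed hardening: keyed HMAC-SHA256 instead of a bare hash over fields + secret."""
    return hmac.new(secret, _canonical(name, score), hashlib.sha256).hexdigest()


def verify_post(form: dict, secret: bytes = SECRET) -> bool:
    """Recompute the tag from the posted fields and compare it in constant time."""
    try:
        name = str(form["name"])
        score = int(form["score"])
        sent = str(form["mac"])
    except (KeyError, ValueError, TypeError):
        return False  # missing or malformed field: reject rather than guess
    expected = hmac_tag(name, score, secret)
    return hmac.compare_digest(expected.encode("utf-8"), sent.encode("utf-8"))


if __name__ == "__main__":
    # Constructed sample submission using the values from the post.
    form = {"name": "Foobar", "score": "3489437", "mac": hmac_tag("Foobar", 3489437)}
    print("genuine:", verify_post(form))
    print("score edited in transit:", verify_post({**form, "score": "9999999"}))
```

The tag only proves knowledge of the shared secret, so the post's caveat still applies: a secret shipped inside the client can be recovered from it.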