|
-
Jan 15th, 2014, 04:06 PM
#8
Re: VB6 to PHP/MySQL Interface
If a MySQL server has a connection port open to the Internet any specific MySQL exploits could make the service or even the entire machine and local network vulnerable. The same applies using any DBMS.
Ignoring that you'd need some way to protect the user/pw from being uncovered by malicious people. They might sniff it over the wire (even web apps don't send user/pw in plain text) or they might extract it from a copy of the client application or they might get lucky through brute force attacks.
Exposing any database server to the Internet just isn't done. A few web searches should turn up a lot on the subject.
What you want to do is allow access through a "window" so narrow it is only useful for a specific application. This is normally done through some software (a PHP "page" being just one example) that accepts requests in a format it can edit for safety and validity. Accepting a SQL query is a problem because it means a ton of extra work parsing and validating... and almost nobody does it so you have a security hole big enough to drive a truck through.
But I've learned not to expect much from most programmers so I'm sure the advice will be ignored.
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
Click Here to Expand Forum to Full Width
|