Subject | Re: [Firebird-Java] Re: JayBird + Firebird on Android |
---|---|
Author | Mark Rotteveel |
Post date | 2011-11-30T15:50:49Z |
On Wed, 30 Nov 2011 16:29:41 +0100, Roman Rokytskyy <roman@...>
wrote:
> While I 100% agree with your approach from the architectural POV, there
> is at least one good reason to provide JSON interface to Firebird: many
> JavaScript libraries are tuned to use JSON or XML access to underlying
> DB directly. Giving them webservice might not be the best solution,
> since it would require more handwritten code.

I hope you are talking about server-side JavaScript solutions, because
giving client-side JavaScript direct access to your database sounds even
worse :) October was dubbed leaktober by an online IT magazine here in NL:
every business day (and sometimes in the weekend) they exposed at least one
(gaping) security hole in websites of companies, government etc. Most of
these were basic SQL injection attacks; let's make sure we reduce the
potential of that type of attack, not increase the chance :)

> I have presented RESTful link between SmartClient/SmartGWT and Firebird
> on Firebird Conference in Bremen.

Are the slides (or video) available somewhere?

Mark