Re: is there a problem with php script pulling HTML out of database as it writes the page??

On 17 Jul 2008, at 21:56, Robert Cummings wrote:
> On Thu, 2008-07-17 at 15:46 -0500, Micah Gersten wrote:
>> What can help is if one app only has access to its own DB. Also, for
>> mysql, there is the mysql_real_escape_string function for a reason.
>
> Well I agree with that of course... but the post by Stut indicated the
> interviewee thought he could punt all DB security to the DBA. Obviously
> it's important that the app developer use appropriate programming
> techniques to achieve security in conjunction with the DBA.

My main point was that security is the responsibility of everyone on the team whether it's explicitly part of their job spec or not. A candidate who doesn't see that without prompting will not be getting any further in my interview process.

-Stut

--
http://stut.net/

--
PHP General Mailing List (http://www.php.net/)