On Tue, Oct 4, 2011 at 6:07 PM, Jeremiah Dodds <jeremiah.dodds@xxxxxxxxx>wrote: > On Tue, Oct 4, 2011 at 7:51 PM, Stuart Dallas <stuart@xxxxxxxx> wrote: > > As for the overhead I very much doubt there's much difference between > that and the overhead of prepared statements. > > Probably not. As an aside, I'm really struggling to find a case where > it'd be worth base64-encoding the queries like that unless you were > both concerned about someone sniffing your queries over the wire and > sure that they wouldn't think to base-64 decode them. Not to mention > that if your grand idea to prevent eavesdropping is simple transforms, > If that's the case, then SSL would be a better solution since it also protects the authentication process. In then end, I still don't see base64 as a viable solution. > you've got a larger problem on your hands. > > It *will* work, as mysql's base64 decoder won't evaluate the decoded > string as a statement, afaik, but it will also expand the size of > stuff by around 30% while having a, imo, much better solution widely > available. > >
