Re: Re: Secure data management

On 5 Oct 2011, at 02:07, Jeremiah Dodds wrote:

> On Tue, Oct 4, 2011 at 7:51 PM, Stuart Dallas <stuart@xxxxxxxx> wrote:
>> As for the overhead I very much doubt there's much difference between that and the overhead of prepared statements.
> 
> Probably not. As an aside, I'm really struggling to find a case where
> it'd be worth base64-encoding the queries like that unless you were
> both concerned about someone sniffing your queries over the wire and
> sure that they wouldn't think to base-64 decode them. Not to mention
> that if your grand idea to prevent eavesdropping is simple transforms,
> you've got a larger problem on your hands.

I don't see a reason to use base64 to solve the SQL injection problem either, especially with prepared statements available, but that doesn't mean it won't work.

As far as protecting data during transit, that's what SSL is for. Base64 is not an encryption mechanism.

> It *will* work, as mysql's base64 decoder won't evaluate the decoded
> string as a statement, afaik, but it will also expand the size of
> stuff by around 30% while having a, imo, much better solution widely
> available.

It will indeed increase the size of the queries, but unless you're running Facebook, LAN capacity is very rarely a bottleneck.

-Stuart

-- 
Stuart Dallas
3ft9 Ltd
http://3ft9.com/
-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
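
The two approaches compared in this thread, side by side, as an added example that is not part of the original message or of any poster's code. It assumes an in-memory SQLite database in place of MySQL, a registered `from_base64` function standing in for MySQL's decoder, and a constructed `users` table and sample input.

```python
import base64
import sqlite3

def encode_value(value):
    """Base64 text for a value; output uses only A-Z a-z 0-9 + / =."""
    return base64.b64encode(value.encode("utf-8")).decode("ascii")

def from_base64(text):
    """Assumed stand-in for MySQL's decoder: returns plain data, runs nothing."""
    return base64.b64decode(text).decode("utf-8")

def open_db():
    db = sqlite3.connect(":memory:")
    db.create_function("from_base64", 1, from_base64)
    db.execute("CREATE TABLE users (name TEXT)")  # constructed sample table
    db.executemany("INSERT INTO users VALUES (?)", [("alice",), ("bob",)])
    return db

def lookup_prepared(db, name):
    # Placeholder binding: the value never becomes part of the SQL text.
    return db.execute("SELECT name FROM users WHERE name = ?", (name,)).fetchall()

def build_base64_query(name):
    # The encoded text cannot contain a quote, so it cannot end the literal.
    return f"SELECT name FROM users WHERE name = from_base64('{encode_value(name)}')"

def lookup_base64(db, name):
    return db.execute(build_base64_query(name)).fetchall()

def size_ratio(value):
    # Base64 emits 4 output bytes per 3 input bytes (plus padding).
    return len(encode_value(value)) / len(value.encode("utf-8"))

# Constructed input containing quotes and SQL keywords.
SAMPLE = "alice' OR '1'='1"

if __name__ == "__main__":
    db = open_db()
    print(lookup_prepared(db, "alice"), lookup_base64(db, "alice"))
    print(lookup_prepared(db, SAMPLE), lookup_base64(db, SAMPLE))
    print(build_base64_query(SAMPLE))
    # No key is needed to reverse the encoding, so it gives no confidentiality.
    print(from_base64(encode_value(SAMPLE)))
    print(round(size_ratio("x" * 300), 3))
```

Both lookups treat the sample input as a literal name and return no rows; the base64 form sends a query about a third larger and anyone who captures it can decode it without a key.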



