DB Relay - NGiNX based open source project

Michael Shadle mike503 at gmail.com
Fri Jul 23 02:21:06 MSD 2010


On Thu, Jul 22, 2010 at 3:09 PM, Brian Bruns <brian at bruns.com> wrote:
> Hi Michael,
>
> We're still here at OSCON if you want to stop by.
>
> It's intended for use in applications, so it's really no different
> than using the native database APIs vis-a-vis security, all the same
> concerns apply.  We just make it easier to get to the database.
>
> Brian

Applications mask the queries though.

via PHP:

foo.php?file=1

via DBRelay:

/sql?sql=SELECT something FROM table WHERE file_id=somevariable

(of course URL encoded, blahblah)

Seems to me the model shouldn't be used for anything that would be an
information disclosure to anything sensitive. For instance, perhaps
you want a user's email address. Well, depending on how it's done, you
could SHOW COLUMNS FROM user; or SELECT * FROM user; instead of SELECT
email FROM user ... right?
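
Added example, not part of the original message and not DB Relay's or any PHP application's own code: a Python sketch of the two models contrasted above, with sqlite3 standing in for the real database. The `user` table contents, the `q` and `id` parameter names, and both endpoint functions are hypothetical; only the `sql` parameter name comes from the message.

```python
import sqlite3

def make_db():
    # Constructed sample data; sqlite3 is a stand-in for the real backend.
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE user (id INTEGER PRIMARY KEY, email TEXT, password_hash TEXT);
        INSERT INTO user VALUES (1, 'alice@example.com', 'constructed-hash-1');
        INSERT INTO user VALUES (2, 'bob@example.com', 'constructed-hash-2');
    """)
    return db

def relay_endpoint(db, params):
    # Relay model (/sql?sql=...): the caller supplies the statement text,
    # so the caller decides which tables and columns are read.
    return db.execute(params["sql"]).fetchall()

# Application model (foo.php?file=1): the statement text is fixed on the
# server; the caller only names an operation and supplies typed values.
NAMED_QUERIES = {
    "user_email": ("SELECT email FROM user WHERE id = ?", ("id",)),
}

def masked_endpoint(db, params):
    name = params.get("q")
    if name not in NAMED_QUERIES:
        raise ValueError("unknown query")
    sql, arg_names = NAMED_QUERIES[name]
    try:
        # Values are validated as integers and bound, never spliced into SQL.
        args = tuple(int(params[a]) for a in arg_names)
    except (KeyError, ValueError):
        raise ValueError("bad parameter") from None
    return db.execute(sql, args).fetchall()

if __name__ == "__main__":
    db = make_db()
    # Same caller, same database: only the interface differs.
    print(masked_endpoint(db, {"q": "user_email", "id": "1"}))
    print(relay_endpoint(db, {"sql": "SELECT * FROM user"}))
```

With the relay model, limiting what a caller can read has to be done with database-side permissions on the account the relay connects as, since nothing in the request path narrows the statement.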


