>>>>> "Kenneth" == Kenneth Downs <ken@secdat.com> writes:
Kenneth> This in effect makes the web server a proxy to the database, which
Kenneth> sounds like what you are after. The "P" portion for us is PHP, not
Kenneth> Perl, and it is small though non-zero. It has only two jobs really.
Kenneth> In the one direction it converts HTTP requests into SQL, and in the
Kenneth> other it converts SQL results into HTML.
How do you control trust? I presume you're not accepting raw SQL queries (or
even snippets) over the wire, so you have to have enough server-side mapping
code to map domain objects into database objects and domain verbs into
queries, and then authenticate and authorize that this verb is permitted by
the incoming user. That can't be just a trivial amount of code. That's
usually a serious pile of code.
And please don't tell me you do all of that client-side. :)
--
Randal L. Schwartz - Stonehenge Consulting Services, Inc. - +1 503 777 0095
<merlyn@stonehenge.com> <URL:http://www.stonehenge.com/merlyn/>
Perl/Unix/security consulting, Technical writing, Comedy, etc. etc.
See PerlTraining.Stonehenge.com for onsite and open-enrollment Perl training!
