I have not been following the start of this thread but I was myself
wondering about the security of DB access over the web
I have been playing with JSP and servlets with JDBC access to PG
(I guess the principal is the same as using other scripting languages.)
I noticed that it appears impossible for any web user to see the JSP
source, all
they will see is the generated HTML is they view page source. Even if they
could see
the JSP they would not see the Servlet which would be in a private
directory
You could then left them do things, even enter SQL into your form but your
servlet
could parse it and stop them doing unwanted things.
BTW Are there any security issues with this that anyone knows of???
Thanks
MC.
--
NOTICE: The information contained in this electronic mail transmission is
intended by Convergys Corporation for the use of the named individual or
entity to which it is directed and may contain information that is
privileged or otherwise confidential. If you have received this electronic
mail transmission in error, please delete it from your system without
copying or forwarding it, and notify the sender of the error by reply email
or by telephone (collect), so that the sender's address records can be
corrected.