Page 2 of 2 First 12
  • Jump to page:
    #16
  1. Known to taste like chicken
    Devshed Newbie (0 - 499 posts)

    Join Date
    Aug 2003
    Location
    In front of my computer
    Posts
    399
    Rep Power
    311
    Originally Posted by seeked
    ...anyone who gains access to the database...
    exactly... they would need to gain access to the DB for any of this to be a problem. Work more on securing the server and hardening your mysql install rather than trying to make MySQL do something it doesn't do.

    Originally Posted by seeked
    I was simply looking for a way to say, insert as row 7 or insert after this row...
    As has been said many times in this thread, it doesn't work like that. Either accept that fact, or get the mysql source, change it to work like that and run with your own version (which would quite possibly open you up to more security issues etc in the long run).

    Comments on this post

    • Jacques1 agrees : That sums it up, and maybe it will finally come through ...
    • Jyncka agrees : It sounds like you need to change your application logic as well, you can accomplish a lot of what you're trying to do with good design and programming.
    "Take thy beak from out my heart, and take thy form from off my door" - Homer J Simpson / Edgar Allan Poe

    Looking for a project Idea?
  2. #17
  3. No Profile Picture
    Contributing User
    Devshed Regular (2000 - 2499 posts)

    Join Date
    Mar 2006
    Posts
    2,436
    Rep Power
    1688
    My brain is beginning to bleed ... simplifying things enormously (from what I recall reading) - you want to hide who is sending messages to who, except from the recipient of the message. The only way you (via the database) can do that is to link (at a minimum) two pieces of information together: sender and recipient. You can obfuscate and hide and add levels of linkage to you heart's content. But as some point that link between sender and recipient is going to have to exists - however ephemerally and transiently. The fact that this is so means that another anyone able to interrogate the database will be able to replicate that process. This is why you slap restricted access on things and only permit your code, controlled by you, visible to you alone (i.e., runs server-side and never seen by the user) and dealing only with the exact amount of information needed to run.
    This sounds very much security by obfuscation which is generally no security at all.

    Comments on this post

    • sir_drinxalot agrees
    The moon on the one hand, the dawn on the other:
    The moon is my sister, the dawn is my brother.
    The moon on my left and the dawn on my right.
    My brother, good morning: my sister, good night.
    -- Hilaire Belloc
Page 2 of 2 First 12
  • Jump to page:

IMN logo majestic logo threadwatch logo seochat tools logo