The stupid question is the question not asked | |
PerlMonks |
Perl to protect database field name infoby punch_card_don (Curate) |
on Feb 12, 2007 at 23:08 UTC ( [id://599599]=perlmeditation: print w/replies, xml ) | Need Help?? |
Melodious Monks,
A small meditation on a current project. You have an sql db and are going to dynamically generate a record-input screen with Perl script. First temptation is do something like this (pseudo-code): and then the reverse when the form is submitted. BUT, I've now given away the actual column names of my table - one small piece of real info for hackers to exploit. I could, instead, have a hash of "public" names: But now I have this intermediate association table to maintain. Sooooo, I thought a nifty alternative would be a home-made field name encoder/decoder: with a corresponding decode sub for the returning values in the submitted form. No association tables to maintain - and my field name info is secure. Wadda y'all think?
Forget that fear of gravity, Get a little savagery in your life.
Back to
Meditations
|
|