Re: How to store files into the DB with PHP. (bytea ?)


  • From: François Delpierre <pgsql(at)pivert(dot)org>
  • To: pgsql-php(at)postgresql(dot)org
  • Subject: Re: How to store files into the DB with PHP. (bytea ?)
  • Date: Tue, 3 Feb 2009 17:16:44 +0100
  • Message-id: <200902031716.44453.pgsql@pivert.org>

Hi Andrew,

> I don't see that this changes things.  Whether you use stored
> procedures, authenticate against the database, or whatever, your web
> application layer has access to the information on the way through and
> any compromise of your webserver will necessarily involve having a 'man
> in the middle' possibility.
You're right, authenticating against the DB will not change anything, my 
mistake. As far as the user can read a table, he can read all records.


> So an attacker would (e.g.) log the user's credentials as they pass
> through and then happily generate their own tickets to use to extract
> the data.
Totally agree, the attacker will be able to access the files of the users that 
are connecting from the time he put the sniffer in place BUT NOT dump the whole 
content with thousands of documents from the previous months from users that 
did not connect recently. So, this limits the impact.

To go back to the initial subject of this post, I'm now able to store/read 
files from the DB up to 20MB without problem. Without using stored procedures 
yet. (Maybe I can post the code here.) Only an annoying warning about escaping 
that I can't figure out yet.

François.



