Thread: Limitation of SQL Execution
View Single Post
  #3  
Old 08-28-2009, 05:22 PM
fowlplay4 fowlplay4 is offline
team canada
fowlplay4's Avatar
Join Date: Jul 2004
Location: Canada
Posts: 5,200
fowlplay4 has a reputation beyond reputefowlplay4 has a reputation beyond reputefowlplay4 has a reputation beyond reputefowlplay4 has a reputation beyond reputefowlplay4 has a reputation beyond reputefowlplay4 has a reputation beyond reputefowlplay4 has a reputation beyond reputefowlplay4 has a reputation beyond reputefowlplay4 has a reputation beyond reputefowlplay4 has a reputation beyond reputefowlplay4 has a reputation beyond repute
Quote:
Originally Posted by Gambet View Post
Couldn't you use callstack protection? You can't restrict the commands themselves but you can restrict whatever system you're using to write and access the information and make it so only that system can make alterations.
I think he's referring to someone just doing in a level or script somewhere.

PHP Code:
function onCreated() {
  temp.statement "DELETE * FROM Important_Table";
  requestsql(statementfalse);
But if they know how to do that then they're probably knowledgeable enough to use the restricted scripts anyway.

Best course of action, don't let people you don't trust have access to the scripts and levels, and filter through them if you have to. Besides there are so many better things they could do maliciously.
__________________
Quote:
Last edited by fowlplay4; 08-28-2009 at 05:39 PM..
Reply With Quote