Quote:
Originally Posted by fowlplay4
I think he's referring to someone just doing in a level or script somewhere.
PHP Code:
function onCreated() {
temp.statement = "DELETE * FROM Important_Table";
requestsql(statement, false);
}
But if they know how to do that then they're probably knowledgeable enough to use the restricted scripts anyway.
Best course of action, don't let people you don't trust have access to the scripts and levels, and filter through them if you have to. Besides there are so many better things they could do maliciously. |
I suppose you could still incorporate callstack, though, by storing a backup of the data and making it so if the system that is supposed to access the database isn't the one updating the database then whatever changes made to the data is automatically reverted back to the backup.