Why not set up a server-side script that accepts predefined actions from POST actions, and leave the DB abstraction to that? You could make calls to that through AJAX and never expose the DB.
Dec 10, 2013 17:44

Pseudo-God posted:
I want to do it without a server-side script at all, but I guess the tech is not here yet.

Keep in mind, even if you found an elegant way to have user-run javascript authenticate to your DB in a secure way that the user can't hijack the credentials from (which doesn't seem possible), you're still relying on that script to make direct SQL queries, which hoses your security entirely. That's why you need the abstraction. Instead of blindly accepting queries, you've got predefined queries that the abstraction layer provides based on criteria that the user submits via the javascript.
Dec 10, 2013 17:44
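
The abstraction layer described in the post above, sketched as an added example that is not code from the thread: the server keeps an allow-list of named actions, each bound to one fixed parameterized query, and the browser only ever sends an action name plus criteria. The `notes` table, the action names and the `session_user` argument are hypothetical; type checks and owner scoping from the server-side session go slightly beyond what the post states.

```python
import sqlite3

# Allow-list: action name -> (fixed parameterized SQL, {client field: required type}).
# Table, column and action names are hypothetical.
ACTIONS = {
    "list_notes": ("SELECT id, body FROM notes WHERE owner = :user ORDER BY id", {}),
    "add_note": ("INSERT INTO notes (owner, body) VALUES (:user, :body)", {"body": str}),
    "delete_note": ("DELETE FROM notes WHERE id = :id AND owner = :user", {"id": int}),
}

def handle_post(db, session_user, form):
    """Run one predefined action; `form` is the decoded POST body from the browser."""
    action = form.get("action")
    if not isinstance(action, str) or action not in ACTIONS:
        return {"ok": False, "error": "unknown action"}
    sql, fields = ACTIONS[action]
    # Identity comes from the server-side session, never from the request body.
    params = {"user": session_user}
    for name, typ in fields.items():
        value = form.get(name)
        if isinstance(value, bool) or not isinstance(value, typ):
            return {"ok": False, "error": "bad field: " + name}
        params[name] = value
    with db:  # commit on success, roll back on error
        cur = db.execute(sql, params)
        rows = cur.fetchall()
    return {"ok": True, "rows": rows, "changed": max(cur.rowcount, 0)}

def make_db():
    """Constructed sample data for the demonstration."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE notes (id INTEGER PRIMARY KEY, owner TEXT, body TEXT)")
    db.executemany("INSERT INTO notes (owner, body) VALUES (?, ?)",
                   [("alice", "buy milk"), ("bob", "private to bob")])
    db.commit()
    return db

if __name__ == "__main__":
    db = make_db()
    print(handle_post(db, "alice", {"action": "list_notes"}))
    print(handle_post(db, "alice", {"action": "raw", "sql": "SELECT * FROM notes"}))
    print(handle_post(db, "alice", {"action": "delete_note", "id": 2}))
```

The database credentials live only in the server process, and a request that names an action outside the allow-list or sends a wrongly typed field is rejected before any SQL runs.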