Hi,
I saw the name "id" used for the PRIMARY KEY in the PostgreSQL sample.
Does FiveWin use the name "id" as the default for "other" SQL as well?
Auto-incrementing primary keys lend themselves to SQL injection attacks
Rick Lipkin wrote:
Jimmy
I create my own primary keys, that way I control when a table is appended .. if you use auto increment an attacker could force a table append or "Inject" records into your tables and the database doesn't care .. the primary keys are generated automatically .. for me I create ALL my primary keys programmatically so if someone infiltrates my database security and tries to create new records or "Inject" ( append ) records they will fail because there is no primary key and the injection fails ..
Just something to keep in mind ..
//-------------------
Static Func _GenEid()

   // generate a unique primary key

   LOCAL nRAND, cRAND
   LOCAL oRs, cSQL, oERR

   oRs := TOleAuto():New( "ADODB.Recordset" )
   oRs:CursorType     := 1   // adOpenKeyset
   oRs:CursorLocation := 3   // adUseClient ( local cache )
   oRs:LockType       := 3   // adLockOptimistic

   // load the existing keys so a candidate can be checked against them
   cSQL := "SELECT UserEid from UserInfo"

   TRY
      oRs:Open( cSQL, xCONNECT )
   CATCH oErr
      MsgInfo( "Error in Opening USERINFO table to Create Unique EID" )
      RETURN( "BOGUS" )
   END TRY

   DO WHILE .T.

      nRAND := nRANDOM( 10000000000000000 )

      // 1 is reserved and 0 is a null key //
      IF nRAND = 1 .or. nRAND = 0 .or. nRAND = NIL
         LOOP
      ENDIF

      cRAND := STR( nRAND, 17 )

      // search the recordset for the candidate key ( skipped if the table is empty )
      IF ! oRs:eof
         oRs:MoveFirst()
         oRs:Find( "UserEid = '" + cRAND + "'" )
      ENDIF

      // eof after the Find means the key is not in use yet
      IF oRs:eof
         EXIT
      ENDIF

   ENDDO

   oRs:Close()
   oRs := nil

RETURN( cRAND )
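
An added example, not part of the post above and not FiveWin code: the same program-generated random key idea, carried over to Python with sqlite3 as a generalization. The key comes from a CSPRNG, the PRIMARY KEY constraint catches duplicates at insert time (no read-then-check gap between two clients), and values are bound as parameters. The `UserName` column and the function names are assumptions.

```python
import secrets
import sqlite3

KEY_DIGITS = 17          # same width as STR(nRAND,17) in the post
RESERVED = {0, 1}        # the post treats 0 as a null key and 1 as reserved


def gen_eid(rand=secrets.randbelow):
    """Return a random 17-digit key (zero-padded here; STR() pads with spaces)."""
    while True:
        n = rand(10 ** KEY_DIGITS)
        if n not in RESERVED:
            return f"{n:0{KEY_DIGITS}d}"


def add_user(conn, name, rand=secrets.randbelow, max_tries=5):
    """Insert a user under a fresh key; the database rejects duplicates."""
    for _ in range(max_tries):
        eid = gen_eid(rand)
        try:
            with conn:  # commits on success, rolls back on error
                conn.execute(
                    "INSERT INTO UserInfo (UserEid, UserName) VALUES (?, ?)",
                    (eid, name),  # bound parameters, never string concatenation
                )
            return eid
        except sqlite3.IntegrityError:
            continue  # key already taken: draw another one
    raise RuntimeError("could not allocate a unique key")


def demo():
    """Run against an in-memory table with a constructed random sequence."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE UserInfo (UserEid TEXT PRIMARY KEY, UserName TEXT)")
    # Constructed draws: a reserved value first, then a repeat to force a collision.
    seq = iter([1, 42, 42, 43])
    rand = lambda _limit: next(seq)
    first = add_user(conn, "alice", rand)
    second = add_user(conn, "o'brien", rand)  # the quote is stored as data
    rows = conn.execute(
        "SELECT UserEid, UserName FROM UserInfo ORDER BY UserEid").fetchall()
    conn.close()
    return first, second, rows


if __name__ == "__main__":
    print(demo())
```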