Comments (4)
- I think most server with PHP would have MySQL database. What do you mean by
limited Mysql databases
? - Think about cloud computing platform that does not give write permission to disk, but ask you to store files to their file server using some API...
from password-manager.
We're on a managed server here, where we have only a limited amount of mysql databases available. And I'm not allowed to mix tables from different apps into one database like with prefixes.
Additionally I saw a guy hacking into mysql based sites. Took him only a couple of minutes to hack several seemingly secure sites. Since we're talking about real secure stuff here I would prefere either sqlite or just plain text storage.
from password-manager.
Hi,
Actually, this project only need a SQL server instead of MySQL server. If
you think SQLite is good, just modify function/sqllink.php to connect to
SQLlite server. That's the only file you need to edit. But I won't put this
into my project for following reasons:
For your second question, I use PDO in my implementation with data sent
separately from query. I don't think SQL injection is likely here. Yes, all
old technology for connecting database in PHP is insecure. By the way, you
will have no less trouble using SQLite. Because you still use SQL. SQL
injection is not something just for MySQL.
For your first question, I think you're using a really special environment.
You even don't need a server/VPS. All PHP web hosting you can buy
online nowadays is with MySQL. So it's reasonable to use it. But there's
some platforms making their code folder not writable. In this case. your
SQLlite and plaintext won't work. I never used SQLite before, but I think
it supports SQL query just as MySQL do. So if you really need SQLite, just
modify function/sqllink.php to connect to your SQLite.
On Sunday, 20 March 2016, nickbe [email protected] wrote:
We're on a managed server here, where we have only a limited amount of
mysql databases available. And I'm not allowed to mix tables from different
apps into one database like with prefixes.
Additionally I saw a guy hacking into mysql based sites. Took him only a
couple of minutes to hack several seemingly secure sites. Since we're
talking about real secure stuff here I would prefere either sqlite or just
plain text storage.—
You are receiving this because you commented.
Reply to this email directly or view it on GitHub
#38 (comment)
from password-manager.
I'll try to implement an alternative in sqlink.php. Maybe let the user choose in the config. Php which database to use. If everything works as expected I let you know anyway. Maybe it's at least worth to consider an optionaö alternative.
from password-manager.
Related Issues (20)
- Enable Group by Tags default HOT 2
- sort by name HOT 2
- random_login_stamp HOT 7
- Positive comment and thank you HOT 3
- Extra table td before username HOT 6
- Import problem with Username filed HOT 1
- Is this still active and mainteined? HOT 6
- Complete rework HOT 1
- Import CSV failed. HOT 4
- Replace SHA512 with SHA3-512 HOT 3
- Move to maintainance mode HOT 2
- Upgrade plugin to support v11.00 HOT 4
- PIN doesn't work on newest version HOT 5
- Cannot read property 'importKey' of undefined HOT 2
- TypeError: Cannot convert undefined or null to object AFTER LOGIN HOT 4
- New Implementation is ready HOT 1
- what is the password HOT 6
- Cannot run version 11: error 'sorry-update-your-browser' or am I not meeting the minimum requirements? HOT 1
- Can no longer copy password to clipboard without revealing it? HOT 2
- Current web browser doesn't support the technologies in Android 8.1 HOT 6
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from password-manager.