Recently there is a demand, because of the implementation of no access to database server, so I'm going to do a simple page in a program, a textarea text input SQL statements, and then point queries, to show the results page dynamic found out to the list, the question now is if it is a very long SQL statements, page tip can't wear illegal characters, the current solution is going to the front of SQL encryption into fixed length of string, legally and. Net background, tried several encryption algorithms, encryption string is long, is there any bosses know how to deal with this problem, thank you very much

CodePudding user response:

Give them specific business API development, rather than give them literally "to add and delete this sort of thing,"

CodePudding user response:

Accepts user input of SQL, still need to deal with precisely the special characters, and restrict the user to enter the SQL type (such as shielding insert the delete, update), from the perspective of security, or according to the opinions of upstairs, develop the specified API to somebody else,

CodePudding user response:

This needs to live for a long time to see

CodePudding user response:

reference 1st floor interacting in a professional developer response:

give them specific business API development, rather than give them literally "to add and delete this sort of thing,"

+ 1

The client SQL statement many disadvantage:
1, easy to cause SQL injection attacks,
2, reveal the internal implementation details (will provide additional information to other malicious attacks),

The solution is to limit the customer can only through the API to access data,
If you want to achieve a certain degree of rich query, or want to use the industry standard, you can also read and reference
* OData (Microsoft led the Open Data query protocols publicly, dotnet support good)
* GraphQL (facebook, the company is using the data query language (SQL)
* such as other ORDS (Oracle REST Data Services), and so on...

CodePudding user response:

Indeed, upstairs have discussed directly using SQL not reasonable place,
Here is not here,
In addition OData is a more conform to the plan,

CodePudding user response:

This is the interface to solve thing.
The SQL to be drOp del deletes the database

CodePudding user response:

Base64 encryption or URL encryption, decryption again transferred to the background SQL can restore, small cameras

CodePudding user response:

Js encrypted data? No matter how you encryption, useless, js for any user, said is open source, you what algorithms, source code is laid bare in front of the user, none of any encryption security, even if you are to make confusion encryption source code (source code encryption), are of no use, the browser can only identify normal js code, a f12, saw it, everything is nothing but increase the others reading difficulty, do web applications, there should be a concept, is any data submitted from the client is not to be trusted, not reliable, the back-end must work on the data, check on the business