Jump to content

  • Log In with Google      Sign In   
  • Create Account

Interested in a FREE copy of HTML5 game maker Construct 2?

We'll be giving away three Personal Edition licences in next Tuesday's GDNet Direct email newsletter!

Sign up from the right-hand sidebar on our homepage and read Tuesday's newsletter for details!


#ActualNypyren

Posted 19 February 2013 - 10:58 PM

If you don't have a server, then it doesn't matter.  The security risk is when you have a client, a server, and allow the client to send arbitrary SQL commands to the server.  A malicious user notices this and then decides to just send whatever SQL command he wants, such as "select * from creditcards" (or whatever - you get the idea).

 

If you only have a client, and no server, the malicious user already has access to everything he could want, so whether you use SQL or not won't matter in that regard.


#1Nypyren

Posted 19 February 2013 - 10:55 PM

If you don't have a server, then it doesn't matter.  The security risk is when you have a client, a server, and allow the client to send arbitrary SQL commands to the server.  A malicious user notices this and then decides to just send whatever SQL command he wants, such as "select * from creditcards" (or whatever - you get the idea).


PARTNERS