database security

Maiku

Here's the deal: to make my life easier, I plan on creating a system that keeps my full pages (html and integrated php) in a MySQL database. The system, depending on the query string passed to the php script, would then pull and eval that html/php from the database. Of course, the query strings would be checked for existance and to make sure they aren't fabricated to cause trouble.

The question is, is a system like this secure enough to implement? I have my seroius doubts, but I'd like to here what you people think. I'm not worried at all with a hacker being able to hack the code via the address bar; I have implemented a well tested method to prevent that. What I am worried about is the time between the sending of the information to the script and the recieving: could a hacker during this time interupt the connection and replace the proper return elements with his own destructive ones? What else do I have to worry about.

Thanks 😃

AshtrayWaterloo

If you use apache's mod_rewrite for this (as some people do) it should be very secure. This way, the actual variables in the querystring (i.e. address) don't show up and it's all processed behind the scenes. On top of that it works very nicely with search engines.

Just a thought.

Ash

Maiku

unfortunately, I cannot control the system settings. I am on a shared server. In fact, my host used to have safe mode on all the time, but I just noticed it is no longer used. Could this be a problem? Any other ideas? I'd really appreciate some more feed back.