Quote:
Originally Posted by mlewis
Knowing that putting MySQL directly on the net is a bad idea, I wondered if some had done that, perhaps there was a known practice, a way of doing so which was pretty safe. Everyone seems to agree, no, look for an intermediary.
Well, yes, there are safe ways of doing this, but I think the problem is you're looking for an off-the-shelf solution, and I'm not sure there is such a beast. Everyone's data and schema are going to be different so there really isn't a universal way of doing this, you generally need to roll your own. You might be able to use a pipelining tool like Pentaho to pull it off, but I'm not sure that is any easier than learning how to do a basic PHP or HTML/Python/Perl page that can parse a standardized file.
From a security standpoint, what you are really after is space between MySQL and the user. As long as you are running only your vetted SQL statements, and sanitizing the user's input to prevent SQL injection attacks, you're about as safe as you can be in this situation.
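One way to build the intermediary described above, as an added example that is not part of the original post: a small Python loader that parses a standardized CSV upload, allow-list validates each field, and runs a single vetted, parameterized INSERT. The table, columns and file layout are hypothetical, and sqlite3 stands in for MySQL so the code runs offline.

```python
import csv
import io
import re
import sqlite3

# Assumptions: table, columns and file layout are hypothetical; sqlite3 stands in
# for MySQL so this runs offline (MySQL drivers use %s placeholders, not ?).
VETTED_INSERT = "INSERT INTO readings (station, taken_on, value) VALUES (?, ?, ?)"
EXPECTED_HEADER = ["station", "taken_on", "value"]
STATION_RE = re.compile(r"[A-Za-z0-9_-]{1,16}")
DATE_RE = re.compile(r"\d{4}-\d{2}-\d{2}")
SAMPLE_UPLOAD = (  # constructed: two good rows, an injection attempt, a bad number
    "station,taken_on,value\n"
    "north-1,2024-01-02,3.5\n"
    "x'); DROP TABLE readings;--,2024-01-02,3\n"
    "south_2,2024-01-03,abc\n"
    "south_2,2024-01-03,7\n"
)

def make_demo_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE readings (station TEXT, taken_on TEXT, value REAL)")
    return conn

def validate_row(row):
    """Return a typed (station, date, value) tuple or raise ValueError."""
    # Unpacking raises ValueError when the field count is not exactly three.
    station, taken_on, value = (field.strip() for field in row)
    if not (STATION_RE.fullmatch(station) and DATE_RE.fullmatch(taken_on)):
        raise ValueError("bad station id or date")
    number = float(value)  # raises ValueError on non-numeric input
    if not -1000.0 <= number <= 1000.0:  # also rejects nan and inf
        raise ValueError("value out of range")
    return station, taken_on, number

def load_upload(conn, text):
    """Parse the upload, run only the vetted statement, report rejected lines."""
    reader = csv.reader(io.StringIO(text))
    if next(reader, None) != EXPECTED_HEADER:
        raise ValueError("unexpected header")
    accepted, rejected = [], []
    for line_no, row in enumerate(reader, start=2):
        try:
            accepted.append(validate_row(row))
        except ValueError as exc:
            rejected.append((line_no, str(exc)))
    with conn:  # one transaction; values are bound, never spliced into the SQL
        conn.executemany(VETTED_INSERT, accepted)
    return len(accepted), rejected
```

The user never supplies SQL text: the only statement that reaches the database is `VETTED_INSERT`, and the account the loader connects with can be limited to INSERT on that one table.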