Tuesday, June 17, 2008

SQL injection will get easier and easier?

Yes folks, I think the title of this post is right.
IBM(R) has published its new "Database Connectivity for JavaScript", which allows Web clients to directly access a server-side database. Here is how IBM(R) describes it:


What is Database Connectivity for JavaScript?
IBM® Database Connectivity for JavaScript™ is middleware that enables Web clients to directly access server-side relational data without compromising enterprise security.
On the client, IBM Database Connectivity for JavaScript consists of a JavaScript API and library that can be used by Web applications without special browser plug-ins. On the server, the IBM Database Connectivity for JavaScript gateway, written in PHP, is an adaptor layer that mediates between IBM Database Connectivity for JavaScript and relational databases and provides functions such as operation forwarding and security. Web 2.0 applications can thus use IBM Database Connectivity for JavaScript to access relational data as a first-class construct instead of through ad hoc protocols. [..]

Well, actually I'm wondering: “directly access” without compromising “enterprise security”?? Isn't there something strange here?? A control layer in my Firebug, hmmm, I mean... in my browser? Do you really trust that? :)
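To make the trust question concrete, here is an added example (not from the original post and not IBM's API) of a gateway-side check that never relies on the browser. The operation names, table names and the `planRequest` function are all hypothetical: the client may only name an allowlisted operation and supply typed values, while the SQL text stays on the server and values are bound as parameters.

```javascript
// Added illustration; every name here is hypothetical, not IBM's API.
// The browser names an operation and supplies values. SQL text is fixed
// on the server and values are passed as bind parameters.
const OPERATIONS = {
  getOrder: {
    sql: "SELECT id, status FROM orders WHERE id = ? AND owner = ?",
    params: [{ name: "orderId", type: "integer" }],
    appendSessionUser: true, // owner comes from the server session, never the client
  },
  searchProducts: {
    sql: "SELECT id, name FROM products WHERE name LIKE ? LIMIT 20",
    params: [{ name: "term", type: "string", maxLen: 40 }],
  },
};

function checkValue(spec, value) {
  if (spec.type === "integer") return Number.isSafeInteger(value) && value >= 0;
  if (spec.type === "string") return typeof value === "string" && value.length <= spec.maxLen;
  return false;
}

// Returns { ok: true, sql, binds } for the DB driver, or { ok: false, reason }.
function planRequest(request, sessionUser) {
  if (!request || typeof request !== "object") return { ok: false, reason: "malformed request" };
  if ("sql" in request) return { ok: false, reason: "raw SQL from client refused" };
  // Own-property lookup so names like "__proto__" cannot resolve to anything.
  const known = Object.prototype.hasOwnProperty.call(OPERATIONS, request.op);
  if (!known) return { ok: false, reason: "unknown operation" };
  const op = OPERATIONS[request.op];
  const args = request.args || {};
  const binds = [];
  for (const spec of op.params) {
    if (!checkValue(spec, args[spec.name])) return { ok: false, reason: `bad value for ${spec.name}` };
    binds.push(args[spec.name]);
  }
  if (op.appendSessionUser) binds.push(sessionUser);
  return { ok: true, sql: op.sql, binds };
}

// Constructed sample requests, as a client edited in a browser debugger might send them.
const SAMPLES = [
  { op: "getOrder", args: { orderId: 42 } },
  { op: "getOrder", args: { orderId: "42 OR 1=1" } },
  { sql: "SELECT * FROM users" },
  { op: "__proto__", args: {} },
];
for (const s of SAMPLES) console.log(JSON.stringify(s), "->", JSON.stringify(planRequest(s, "alice")));
```

Whatever checks the JavaScript library performs in the page, only the decision made here, on the server, counts.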
