Sandor Szücs
7/17/2008 10:08:00 AM
On 17.07.2008, at 11:19, babu nair wrote:
> Can any one help how to write SQL QUERY inside javascript
First that's not a list about javascript.
Second you don't want to let your clients talk directly with your =20
database.
Third if you really want do this, I think you want to attack a db =20
through
other people by XSS and we shouldn't help you.
Think about JS. It's running in the browsers JS-engine of your clients.
Do you really trust all your clients?
=46rom attackers point of view it's nice. We can directly communicate =20=
with your
DB and you couldn't do anything to prevent this, because you trust =20
us. Clients
have never been trustworthy!
hth. regards, Sandor Sz=FCcs
--=