question about MV and SQL security
****** message to minivend-users from Ace Kumar <ace@digiknow.com> ******
I'm running a few catalogs (MV 3.11) w/ SQL
One thing I noticed is that if I do a search using st=sql&sq=<WHATEVER>,
if someone changes the <WHATEVER> to, say,
UPDATE products SET price = '1.00' WHERE code = '22'
then the price *will* get updated.
It seems that the user who runs minivend needs to be in (my case) the
msql.acl file to be allowed to write to the database.
So, is there anything in MV3.12 that prevents using any SQL statement
*except* SELECT? Has anybody already patched their MV to do this?
Ace
--
Simran (Ace) Kumar, Systems Integrator - DigiKnow LLC
25700 Science Park Drive #260, Cleveland Ohio 44122
Office: (216)292-7259 Fax (216)292-4952
www.digiknow.com
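
Added example, not part of the original message and not Minivend code: one way to express the "only SELECT" check the message asks about, applied to the sq value of a request like st=sql&sq=... before it reaches the database. The function names are hypothetical and the query strings in the test inputs are constructed.

```python
import re
from urllib.parse import parse_qs

# Hypothetical helper names; this is not Minivend's API.
# Keywords that change data or schema; rejected anywhere outside a string literal.
WRITE_WORDS = {"insert", "update", "delete", "drop", "create", "alter", "into"}

def strip_literals(sql):
    """Replace '...' literals with '' so their contents are never read as SQL.
    Returns None if a literal is left unterminated."""
    out, i, n = [], 0, len(sql)
    while i < n:
        if sql[i] != "'":
            out.append(sql[i])
            i += 1
            continue
        i += 1                                  # skip the opening quote
        while i < n:
            if sql[i] == "'":
                if i + 1 < n and sql[i + 1] == "'":
                    i += 2                      # doubled quote is an escaped quote
                    continue
                break
            i += 1
        if i >= n:
            return None                         # no closing quote found
        out.append("''")
        i += 1
    return "".join(out)

def is_single_select(sql):
    """True only for one SELECT statement with no comments, stacking or writes."""
    if "\\" in sql or "\x00" in sql:            # refuse backslash escapes outright
        return False
    bare = strip_literals(sql)
    if bare is None:
        return False
    bare = bare.strip()
    if bare.endswith(";"):
        bare = bare[:-1]                        # allow one trailing terminator
    if any(tok in bare for tok in (";", "--", "/*", "#")):
        return False
    words = re.findall(r"[A-Za-z_]+", bare.lower())
    return bool(words) and words[0] == "select" and not WRITE_WORDS & set(words)

def allow_search(query_string):
    """Gate for a request like st=sql&sq=...; every sq value must pass."""
    values = parse_qs(query_string, keep_blank_values=True).get("sq", [])
    return bool(values) and all(is_single_select(v) for v in values)
```

A keyword filter like this is a second layer: what stops a statement the filter misses is the database account used for searches having no write access.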