Hi guys, I'm having a serious headache. My enemy is SQL injection. I'm forced to use TRemoteDb, and the server is in the cloud.
The final purpose would be:
1) on client, get Request content in TRemoteDBDatabase.OnRequestSending, encrypt the SQL statement in some way, and then use
Req.SetContent(TEncoding.UTF8.GetBytes('Request content'));
to re-fill the content to send
2) on server, use a TCustomMiddleware to decrypt content, and then process the request
My problem is how to get the Request content in OnRequestSending. The only way (from what I've discovered) is to use the PByte Request.ContentBuffer, but I'm stuck trying to convert this PByte to some other format (TBytes, array of Bytes, string, etc.).
Questions:
a) Am I mad, and do I need mental treatment? I have to overcome the guys that, on the client PC, try to intercept the traffic between my application and server, and prove that it's possible to inject something to the server. I'm trying to find a way to solve this thing.
b) What is the best way to get content from THttpRequest before it's sent to the server? Am I maybe missing some crucial thing?
Thanks, ciao
Arnaldo