cayenne-user mailing list archives

From "Øyvind Harboe" <oyvind.har...@zylin.com>
Subject Re: Is matchExp case insensitive or not?
Date Wed, 02 Aug 2006 06:09:41 GMT
> Another possibility is to use likeIgnoreCaseExp to pull in results, but
> then go in and manually filter out anything that's not an exact match
> in your code. That's probably the safest bet and the most portable.
> Of course, you then have to deal with the possibility that someone's
> password is "%"

After a good night's sleep I arrived at the same conclusion. I pass the
unmodified password to likeIgnoreCaseExp and then I do a String compare
against the password in the *first* record that matched.

I don't care about the case where escape chars used in passwords would
cause likeIgnoreCaseExp to not include the record in the query result.

The only thing I assume here is that it is safe to pass a string from
an attacker to likeIgnoreCaseExp().


-- 
Øyvind Harboe
http://www.zylin.com
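
An added example, not part of the original message or of Cayenne: the "LIKE, then filter for an exact match in code" approach from the thread, run against SQLite so it works offline. The `account` table, its rows, and the helper names are constructed for illustration, and `UPPER(...) LIKE UPPER(?)` stands in for a case-insensitive LIKE expression; the `escape_like` variant generalizes beyond the thread by escaping `%` and `_`.

```python
import sqlite3

# Constructed sample rows (id, name, password); not data from the thread.
ROWS = [(1, "alice", "Secret1"), (2, "bob", "secret1"),
        (3, "carol", "100%"), (4, "dave", "100abc")]

def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE account "
                 "(id INTEGER PRIMARY KEY, name TEXT, password TEXT)")
    conn.executemany("INSERT INTO account VALUES (?, ?, ?)", ROWS)
    return conn

def escape_like(value, esc="\\"):
    """Escape the escape character first, then the LIKE wildcards % and _."""
    for ch in (esc, "%", "_"):
        value = value.replace(ch, esc + ch)
    return value

def candidates(conn, supplied, escape=False):
    """Case-insensitive LIKE lookup; the input is always a bound parameter,
    so it can change which rows match but not the SQL statement itself."""
    sql = ("SELECT name, password FROM account "
           "WHERE UPPER(password) LIKE UPPER(?)")
    pattern = supplied
    if escape:
        sql += " ESCAPE '\\'"
        pattern = escape_like(supplied)
    return conn.execute(sql + " ORDER BY id", (pattern,)).fetchall()

def exact_matches(conn, supplied, escape=False):
    """Filter every candidate row with a case-sensitive string compare."""
    return [name for name, stored in candidates(conn, supplied, escape)
            if stored == supplied]

if __name__ == "__main__":
    db = make_db()
    for value in ("secret1", "%", "100%"):
        print(repr(value), "LIKE rows:", candidates(db, value),
              "exact:", exact_matches(db, value))
```

With the unescaped input `%` the LIKE lookup returns every row and the exact compare rejects all of them; with `secret1` the first candidate is `Secret1`, so the filter has to look at each returned row to find the exact match.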
