click-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Malcolm Edgar <>
Subject Re: How sure is Click agains SQL injections?
Date Mon, 29 Mar 2010 00:41:00 GMT
Hi George,

Click does not provide any specific facilities to prevent SQL
injection attacks, as this is an application domain requirement.

To manage this issue I would recommend using the facilities of an ORM,
and potentially a application level Filter strip dangerous characters,
or to reject these requests.

regards Malcolm Edgar

On Mon, Mar 29, 2010 at 12:30 AM, georgex <> wrote:
> How sure is Click against SQL injections?
> I mean a typical Click application like Click-Examples - but without Spring
> (where the average programmer doesn't add an extra layer of checking - but
> it's using Click as default).
> Thanks,
> George.
> --
> View this message in context:
> Sent from the click-development mailing list archive at

View raw message