cocoon-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Torsten Curdt <tcu...@dff.st>
Subject Re: Chaining order (Re: [VOTE] Input module chaining)
Date Thu, 10 Oct 2002 10:19:26 GMT
> And why is Torsten is talking about "filters"? 

At least *this* I can explain :)

A request should always be considered harmful - bad - and evil. You should 
never directly use request parameters directly to e.g. to construct a path or 
even a sql statement. (it's not totally bad currently because we use a 
prepare statment with e.g. esql - anyway)

There should be a contract for the request parameters to keep your application 
as safe as possible. We don't have that yet and are now trying to add another 
way letting those possibly evil values into our system.

I thought this should be taken into consideration... and so I came up with a 
possible concept.

understandable?

> gosh, don't you people
> think we already have enough concepts and components and models and
> names?

I often really wished so... *sigh* ..but there is alway room for improvement.

> Sorry for playing devil's advocate, but that's my self-inflicted role,
> you know? :)

we know ;)
--
Torsten

---------------------------------------------------------------------
To unsubscribe, e-mail: cocoon-dev-unsubscribe@xml.apache.org
For additional commands, email: cocoon-dev-help@xml.apache.org


Mime
View raw message