cocoon-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Torsten Curdt <tcu...@dff.st>
Subject RE: A case of SQL injection
Date Tue, 05 Nov 2002 19:12:43 GMT
On Tue, 2002-11-05 at 19:53, Geoff Howard wrote:
> Speaking of protecting against SQL injection - is it
> generally known that DatabaseAuthenticatorAction.java
> is not using PreparedStatement?  I wonder what logging
> in as 
> Donald Ball'; DROP TABLE user_table;
> 
> would do...?

Do you mind trying out and file a bug in bugzilla? ;)
--
Torsten


---------------------------------------------------------------------
To unsubscribe, e-mail: cocoon-dev-unsubscribe@xml.apache.org
For additional commands, email: cocoon-dev-help@xml.apache.org


Mime
View raw message