cocoon-dev mailing list archives

From "Hunsberger, Peter" <>
Subject RE: A case of SQL injection
Date Tue, 05 Nov 2002 15:19:17 GMT
>>   String p = request.getParameter("id","id-filter");
>> So filtering would be very easy and as close as possible to the request
>> but not really forced - it would be an option we should document and
>> promote very well.
>> What do you guys think?
> Torsten,
> call me boring, but, wouldn't it be better using stored procedures over
> dynamic SQL?
> It offers: SoC, code re-use, security, performance...

What stored procedure language are you going to use?  I think it will be a
while before ANSI Standard Stored Procedures can be counted on to be in all
the databases Cocoon users might want to work with...
