cocoon-dev mailing list archives

From "Hunsberger, Peter" <Peter.Hunsber...@stjude.org>
Subject RE: A case of SQL injection
Date Tue, 05 Nov 2002 15:19:17 GMT
>>   String p = request.getParameter("id","id-filter");
>>
>> So filtering would be very easy and as close as possible to the request
>> but not really forced - it would be an option we should document and
>> promote very well.
>>
>> What do you guys think?
>
> Torsten,
> 
> call me boring, but, wouldn't it be better using stored procedures over
> dynamic SQL ?
> 
> It offers: SoC, code re-use, security, performance...

What stored procedure language are you going to use?  I think it will be a
while before ANSI Standard Stored Procedures can be counted on to be in all
the databases Cocoon users might want to work with...

