cocoon-dev mailing list archives

From "Luca Morandini" <spectrum.morand...@ipzs.it>
Subject R: A case of SQL injection
Date Tue, 05 Nov 2002 14:48:45 GMT
> -----Original Message-----
> From: Torsten Curdt [mailto:tcurdt@dff.st]
> Sent: Tuesday, 5 November 2002 15:25
> To: cocoon-dev@xml.apache.org
> Subject: Re: A case of SQL injection

>   String p = request.getParameter("id","id-filter");
>
> So filtering would be very easy and as close as possible to the request
> but not really forced - it would be an option we should document and
> promote very well.
>
> What do guys think?

Torsten,

call me boring, but wouldn't it be better to use stored procedures over
dynamic SQL?

It offers: SoC, code re-use, security, performance...

Best regards,

Luca Morandini
lmorandini@ieee.org
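The contrast Luca is drawing, shown as an added example that is not code from the thread or from Cocoon: the dynamic-SQL version splices the request parameter into the statement text, while the stored-procedure call (the procedure name `find_item` and table `items` are assumed) and the prepared statement both pass it as a bound parameter. The value therefore never becomes part of the SQL the database parses.

```java
import java.sql.CallableStatement;
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Statement;

public class ItemLookup {

    // Dynamic SQL: the raw request parameter becomes part of the statement text,
    // so a value that contains SQL rather than a number changes what is executed.
    static ResultSet findDynamic(Connection con, String id) throws SQLException {
        Statement st = con.createStatement();
        return st.executeQuery("SELECT name FROM items WHERE id = " + id);
    }

    // Stored-procedure call (hypothetical procedure find_item): the value is sent
    // as a bound parameter, separate from the SQL text, whatever it contains.
    static ResultSet findViaProcedure(Connection con, String id) throws SQLException {
        CallableStatement cs = con.prepareCall("{call find_item(?)}");
        cs.setInt(1, Integer.parseInt(id));   // non-numeric input is rejected here
        return cs.executeQuery();
    }

    // The same guarantee without a stored procedure: a prepared statement binds
    // the parameter, so the statement structure is fixed before the value arrives.
    static ResultSet findPrepared(Connection con, String id) throws SQLException {
        PreparedStatement ps = con.prepareStatement("SELECT name FROM items WHERE id = ?");
        ps.setInt(1, Integer.parseInt(id));
        return ps.executeQuery();
    }
}
```

The protection comes from binding, not from the procedure itself: a stored procedure that concatenates its argument into dynamic SQL inside the database (EXECUTE IMMEDIATE and the like) is as injectable as `findDynamic`.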
