On Tue, 2002-11-05 at 19:53, Geoff Howard wrote:
> Speaking of protecting against SQL injection - is it
> generally known that DatabaseAuthenticatorAction.java
> is not using PreparedStatement?  I wonder what logging
> in as 
> Donald Ball'; DROP TABLE user_table;
> 
> would do...?

Do you mind trying out and file a bug in bugzilla? ;)
--
Torsten


---------------------------------------------------------------------
To unsubscribe, e-mail: cocoon-dev-unsubscribe@xml.apache.org
For additional commands, email: cocoon-dev-help@xml.apache.org