Mailing-List: contact cocoon-dev-help@xml.apache.org; run by ezmlm
Precedence: bulk
Reply-To: cocoon-dev@xml.apache.org
Date: Wed, 6 Nov 2002 09:44:39 +0000 (GMT)
From: Andrew Savory <andrew@luminas.co.uk>
To: cocoon-dev@xml.apache.org
Subject: Re: R: R: A case of SQL injection
In-Reply-To: <3DC83BBD.6090607@kaon.com>
Message-ID: 
 <Pine.LNX.4.44.0211060940160.913-100000@oxygen.internal.luminas.co.uk>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: Andrew Savory <savs@luminas.co.uk>


On Tue, 5 Nov 2002, Ilya A. Kriveshko wrote:

> With my limited knowledge of this subject (BTW, I'm not insecure -
> I'm polite) I don't see data checking as the job of the DBMS. DBMS
> simply maintains the data, executes queries that the client provides,
> returns the results and ensures that proper side-effects occur.

Hi Ilya,

We're probably straying off-topic here, but I thought I'd just say a word
or two about why you might want data checking at the DBMS level.

The benefit of letting the DBMS decide what is and isn't good data is that
you can then change the application on the front of the database easily
(or write a new one), knowing that the rules for what data can be used and
how it can be accessed are maintained at the database level (and don't
need to be ported from application to application).

Although I'm all for checking at the application level too -- you can
never be over careful!


Andrew.

-- 
Andrew Savory                                Email: andrew@luminas.co.uk
Managing Director                              Tel:  +44 (0)870 741 6658
Luminas Internet Applications                  Fax:  +44 (0)700 598 1135
This is not an official statement or order.    Web:    www.luminas.co.uk


---------------------------------------------------------------------
To unsubscribe, e-mail: cocoon-dev-unsubscribe@xml.apache.org
For additional commands, email: cocoon-dev-help@xml.apache.org