cocoon-users mailing list archives

From Ralph Goers <Ralph.Go...@digitalinsight.com>
Subject RE: Vote: to unify, or not to unify - results
Date Tue, 04 May 2004 22:11:57 GMT
If you aren't familiar with these already, please take the time to read some
of these. While any application that uses SQL can be vulnerable to this,
using SQL in the Web container typically will increase your risk (not simply
because you are in the web container, but because multi-tiered systems
typically (or should) have more parameter validation).

http://www.4guysfromrolla.com/webtech/061902-1.shtml
http://www.securiteam.com/securityreviews/5DP0N1P76E.html
http://www.spidynamics.com/papers/SQLInjectionWhitePaper.pdf
http://www.ebcvg.com/articles.php?id=210



-----Original Message-----
From: gounis@osmosis.gr [mailto:gounis@osmosis.gr] 
Sent: Tuesday, May 04, 2004 2:40 PM
To: 'users@cocoon.apache.org'
Subject: RE: Vote: to unify, or not to unify - results



I recommend the use of xsp/esql ---> xml

when the needs are select-only queries.
It is very simple/clean and covers the needs in most cases.

I don't recommend this approach for update queries.

--stavros

On Tue, 4 May 2004, Ralph Goers wrote:

> I'm confused by your statement. Did you mean that xsp/esql is perfect in
> most cases for you (and your product website), or that you feel it is the
> "best" way to perform an SQL query and that it should be recommended to
> everyone? 
> 
> Ralph
> 
> -----Original Message-----
> From: gounis@osmosis.gr [mailto:gounis@osmosis.gr] 
> Sent: Tuesday, May 04, 2004 2:14 PM
> To: users@cocoon.apache.org
> Subject: Re: Vote: to unify, or not to unify - results
> 
> Let me put in my two cents here.
> 
> For select queries xsp/esql is great and the perfect _in_most_cases_ way.
> In most cases we create pipelines that make select queries and return the 
> content in xml format. Then we call these pipelines, in most cases internally.
> 
> 
> --stavros
> 
> 
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@cocoon.apache.org
> For additional commands, e-mail: users-help@cocoon.apache.org
> 
> 

