[Seaside] Single image persistence, GLORP, and SQL-injection
diogenes.moreira at gmail.com
Tue Apr 19 17:31:00 UTC 2011
Don't worry about SQL injection because:
A. You do not have access to the image objects from the request. Seaside uses the
B. The binding of the fields and properties is automatic; no one can do
something like 'A and 1=1'.
SQLString is composed by Glorp, but all strings are saves for the platforms
If you find a way to do SQL injection, please let me know :)

On Tue, Apr 19, 2011 at 1:56 PM, Peter Kwangjun Suk <
peter.kwangjun.suk at gmail.com> wrote:
> I've been playing around with a small application in Seaside/Magritte
> running on Pharo 1.2.1, Cog VM, on OS X. I'm primarily interested in
> small sites/apps with lightweight persistence. GLORP would be a good
> option though not exactly lightweight, since it is largely transparent
> to the application code, but I am concerned about SQL-injection
> attacks. Is there a good, quick guide/library for proofing GLORP
> against SQL injection attacks, or is there another lightweight option
> for single-image persistence which is also transparent? I have seen
> references to Magma, and I've noted that many say it adds about 30
> seconds to image startup. I have dabbled with SandstoneDB, but find
> that there's too much involvement with application code. I've also
> read through the persistence section of the Seaside book, but I find I
> still cannot make up my mind.
> I would love it if I could just leverage meta-data from Magritte, and
> have my objects be magically persistent, with no changes to
> application code, and no worries about SQL injection.
> Any recommendations?
> There's neither heaven nor hell,
> save what we grant ourselves.
> There's neither fairness nor justice,
> save what we grant each other.
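
Added example, not part of the original thread and not Glorp code: a Python/sqlite3 sketch of the difference point B in the reply relies on, using the `and 1=1` input mentioned there. The `note` table, its rows, and the function names are constructed for illustration.

```python
import sqlite3


def make_db():
    """Constructed sample data: an in-memory table with two rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE note (id INTEGER PRIMARY KEY, body TEXT)")
    db.executemany("INSERT INTO note VALUES (?, ?)",
                   [(1, "first"), (2, "second")])
    return db


def find_concatenated(db, note_id):
    # Weak form: the request text becomes part of the SQL statement,
    # so the database parses whatever the client sent as SQL.
    sql = "SELECT id, body FROM note WHERE id = " + note_id
    return sql, db.execute(sql).fetchall()


def find_bound(db, note_id):
    # Bound form: the statement text is fixed; the request text travels
    # separately as a value and is only ever compared, never parsed.
    sql = "SELECT id, body FROM note WHERE id = ?"
    return sql, db.execute(sql, (note_id,)).fetchall()


def compare(note_id):
    """Run both forms on the same input and report what each executed."""
    db = make_db()
    sql_c, rows_c = find_concatenated(db, note_id)
    sql_b, rows_b = find_bound(db, note_id)
    return {
        "concatenated_sql": sql_c,
        "concatenated_rows": rows_c,
        "bound_sql": sql_b,
        "bound_rows": rows_b,
        # True when the input changed the statement text itself.
        "input_reached_sql_text": note_id in sql_c and note_id not in sql_b,
    }


if __name__ == "__main__":
    for value in ("2", "2 and 1=1"):
        print(value, "->", compare(value))
```

In the concatenated form the extra condition is evaluated by the database; in the bound form the whole string is compared against `id` as a single value and matches nothing.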