[Seaside] Single image persistence, GLORP, and SQL-injection

Boris Popov, DeepCove Labs boris at deepcovelabs.com
Tue Apr 19 19:43:44 UTC 2011


DatabasePlatform class>>useBindingByDefault
DatabasePlatform class>>useBindingIfSupported

I would also Google for "sql parameter binding".

Hope this helps,


-----Original Message-----
From: seaside-bounces at lists.squeakfoundation.org
[mailto:seaside-bounces at lists.squeakfoundation.org] On Behalf Of Peter
Kwangjun Suk
Sent: 19 April 2011 15:38
To: Seaside - general discussion
Subject: Re: [Seaside] Single image persistence, GLORP, and

On Tue, Apr 19, 2011 at 12:52 PM, Boris Popov, DeepCove Labs
<boris at deepcovelabs.com> wrote:
> You are only safe from injection with Glorp if your platform and 
> driver support (and have enabled) column binding and you never 
> construct queries by concatenating strings.

Googling 'GLORP "column binding"' for me only turns up the previous
quoted email message.  Is there a place you can point me to for this


There's neither heaven nor hell,
save what we grant ourselves.
There's neither fairness nor justice,
save what we grant each other.