[Seaside] Single image persistence, GLORP, and SQL-injection
Boris Popov, DeepCove Labs
boris at deepcovelabs.com
Tue Apr 19 19:43:44 UTC 2011
Peter,
DatabasePlatform class>>useBindingByDefault
DatabasePlatform class>>useBindingIfSupported
DatabasePlatform>>supportsBinding
DatabasePlatform>>canBind:to:
I would also Google for "sql parameter binding".
Hope this helps,
-Boris
-----Original Message-----
From: seaside-bounces at lists.squeakfoundation.org
[mailto:seaside-bounces at lists.squeakfoundation.org] On Behalf Of Peter
Kwangjun Suk
Sent: 19 April 2011 15:38
To: Seaside - general discussion
Subject: Re: [Seaside] Single image persistence, GLORP, and
SQL-injection
On Tue, Apr 19, 2011 at 12:52 PM, Boris Popov, DeepCove Labs
<boris at deepcovelabs.com> wrote:
> You are only safe from injection with Glorp if your platform and
> driver support (and have enabled) column binding and you never
> construct queries by concatenating strings.
Googling 'GLORP "column binding"' for me only turns up the previous
quoted email message. Is there a place you can point me to for this
technique?
--Peter
--
There's neither heaven nor hell,
save what we grant ourselves.
There's neither fairness nor justice,
save what we grant each other.
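The difference between binding and string concatenation that this thread discusses, shown as an added example that is not part of the original messages and not Glorp code. It uses Python's built-in sqlite3 module as a stand-in driver; the table, the helper names and the sample inputs are constructed for illustration.

```python
import sqlite3

def make_db():
    # Constructed sample data, held in memory only.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT, secret TEXT)")
    db.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "a-secret"), ("bob", "b-secret"), ("O'Brien", "o-secret")],
    )
    return db

def find_concatenated(db, name):
    # The input is spliced into the SQL text, so the SQL parser interprets it.
    sql = "SELECT name FROM users WHERE name = '" + name + "'"
    return [row[0] for row in db.execute(sql)]

def find_bound(db, name):
    # The input is passed separately from the SQL text as a bound value,
    # so it is only ever compared against the column, never parsed as SQL.
    sql = "SELECT name FROM users WHERE name = ?"
    return [row[0] for row in db.execute(sql, (name,))]

def compare(name):
    """Run both lookups on a fresh database and return (concatenated, bound)."""
    db = make_db()
    try:
        concatenated = find_concatenated(db, name)
    except sqlite3.Error as exc:
        concatenated = "error: " + type(exc).__name__
    bound = find_bound(db, name)
    db.close()
    return concatenated, bound

if __name__ == "__main__":
    # Constructed inputs: an ordinary name, a legitimate name containing a
    # quote, and a value whose quote changes the meaning of the WHERE clause.
    for value in ["alice", "O'Brien", "x' OR '1'='1"]:
        concatenated, bound = compare(value)
        print(repr(value))
        print("  concatenated:", concatenated)
        print("  bound:       ", bound)
```

With concatenation, the legitimate name containing a quote breaks the statement and the third input matches every row; with binding, both are treated as plain values.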