On 2/18/07, Mark Zealey <[EMAIL PROTECTED]> wrote:
... re the easy solutions presented earlier in the thread for sticking a form into a db and back again; I don't usually make the code that simple because it could open up injection attacks and doesn't work too well with more complex forms or fields. I usually explicitly list which fields I want to use so then a typo in the form or a forgotten/newly added field in the form will not allow remote users to mess with bits of the database you don't want them to mess with. I guess you could probably use db column permissions to do that db-side though.

Mark
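The explicit field list Mark describes, written out as an added example (not code from the thread, from Catalyst or from FormBuilder). It assumes DBI with DBD::SQLite so it runs stand-alone against an in-memory database; the `users` table, its columns and the submitted parameters are constructed for illustration. The whitelist decides which keys survive, the column list in the SQL is built only from that whitelist, and values are bound with placeholders so nothing a user submits is ever interpolated into the statement.

```perl
#!/usr/bin/env perl
# Added example (not from the thread): whitelist form fields before they
# reach the database, and bind values with placeholders so user input can
# never be interpreted as SQL. Assumes DBI + DBD::SQLite; table and column
# names are constructed for illustration.
use strict;
use warnings;
use DBI;

# Columns a remote user is allowed to set on the `users` table. Anything
# else in the submitted form (a typo, a newly added field, or an extra
# parameter such as is_admin added by a tampered request) is dropped.
my @ALLOWED = qw(name email);
my %ALLOWED = map { $_ => 1 } @ALLOWED;

# Keep only whitelisted keys from a hash of submitted parameters.
# In Catalyst this hash would come from $c->req->params; here it is constructed.
sub filter_fields {
    my ($params) = @_;
    my %clean;
    for my $key (keys %$params) {
        next unless $ALLOWED{$key};
        $clean{$key} = $params->{$key};
    }
    return \%clean;
}

# Insert the filtered fields. The column list comes from @ALLOWED (never
# from user input) and every value goes through a placeholder.
sub insert_user {
    my ($dbh, $clean) = @_;
    my @cols = grep { exists $clean->{$_} } @ALLOWED;
    die "no usable fields submitted\n" unless @cols;
    my $sql = sprintf 'INSERT INTO users (%s) VALUES (%s)',
        join(', ', @cols), join(', ', ('?') x @cols);
    my $sth = $dbh->prepare($sql);
    $sth->execute(map { $clean->{$_} } @cols);
    return $dbh->last_insert_id(undef, undef, 'users', undef);
}

my $dbh = DBI->connect('dbi:SQLite:dbname=:memory:', '', '',
    { RaiseError => 1, AutoCommit => 1 });
$dbh->do('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, '
       . 'email TEXT, is_admin INTEGER DEFAULT 0)');

# Constructed request: the is_admin parameter mimics a field the form never
# offered, and the apostrophe exercises the placeholder quoting.
my %submitted = (
    name     => "O'Brien",
    email    => 'ob@example.org',
    is_admin => 1,
);

my $clean = filter_fields(\%submitted);   # is_admin is not in the whitelist
my $id    = insert_user($dbh, $clean);
my $row   = $dbh->selectrow_hashref('SELECT * FROM users WHERE id = ?', undef, $id);
printf "stored: name=%s email=%s is_admin=%d\n", @{$row}{qw(name email is_admin)};
```

The same shape works for updates: derive the `SET` list from the whitelist, bind the row id as one more placeholder, and the only thing a client can influence is the values, not which columns they land in. Column-level grants in the database, as Mark notes, are a second layer behind this, not a replacement for it, since they do nothing about a typo in the application's own field list.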
The FormBuilder tutorial mentions that it limits the data that can be passed through the forms it creates (see the "Important:" note near the bottom of the page): http://www.formbuilder.org/tutor/index.pl?c=1&s=7 Has anyone looked into how comprehensive these protections are against the full range of possible attacks?
_______________________________________________
List: Catalyst@lists.rawmode.org
Listinfo: http://lists.rawmode.org/mailman/listinfo/catalyst
Searchable archive: http://www.mail-archive.com/catalyst@lists.rawmode.org/
Dev site: http://dev.catalyst.perl.org/