Gaulin, Mark wrote:
> Dave wrote:
>> But what exactly would this tag do, if not create a bound parameter?
> It sounds like what you really want is an off switch.
>
> Yes! I want an off switch so when debugging is more important than
> security, I can do that without changing any code!

And how long will it be before you switch it off in production so you can see the values in the automatically generated emails your system generates?

> (Sort of like the way
> assert() works in other languages.... when you debug you get one thing,
> when you run you get another.)

But leaving asserts on in production can hardly remain undetected since they throw an exception.

> [To Jochem]
> MS SQL Server is a pretty decent database product, and their profiler
> shows exactly what was sent to the database, nothing more, nothing less.

And apparently you want to see more.

> You two are really stuck on your positions and I'm only saying that more
> flexibility in the language would make more applications more secure

I don't believe that. Security only works when it is enabled by default. Security options that can be disabled will be disabled.

> Sounds like a win-win to me, but if
> defending the status-quo is all you want to do, then come and get me,
> because I kinda wish things would change.

I do not want to defend the status quo. In fact, I have several open feature requests registered at Adobe in order to make cfqueryparam and datasources in general safer. I just don't want to see any changes that move in a direction that I feel is the wrong one.

Jochem

