Tarus Balog wrote:
> On Aug 18, 2009, at 7:25 PM, DJ Gregor wrote:
>
>> Lastly, we might want to make a parameterization-friendly version of
>> Querier to make it easier to upgrade old SQL queries in an SQL
>> injection-resistant manner.
>
> Great idea. While there should be little danger to a network posed by
> owning an OpenNMS server, the latest arrest on the 130 million credit
> card number scheme showed that SQL injections are a) pretty common and
> b) pretty powerful.
>
> We want to avoid them, of course.
>
There is also the issue that not all OpenNMS deployments are in closed
networks, and by nature machines that need to be monitored may have more
services readily open for traffic sourced from an OpenNMS instance than
would otherwise be available to take a poke at.

> -T
>

-A

_______________________________________________
Please read the OpenNMS Mailing List FAQ:
http://www.opennms.org/index.php/Mailing_List_FAQ

opennms-devel mailing list

To *unsubscribe* or change your subscription options, see the bottom of this page:
https://lists.sourceforge.net/lists/listinfo/opennms-devel
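
A sketch of the parameterization-friendly Querier idea discussed in this thread, as an added example that is not part of the original messages and is not OpenNMS code. `ParamQuerier`, the `node` table and its rows are hypothetical and constructed for illustration, and Python's `sqlite3` stands in for the JDBC layer so the block runs offline.

```python
import sqlite3


class ParamQuerier:
    """Hypothetical wrapper: SQL text is fixed; values arrive only as bind parameters."""

    def __init__(self, conn, sql, row_processor):
        self.conn = conn
        self.sql = sql
        self.row_processor = row_processor

    def execute(self, *args):
        # The driver binds args to the '?' markers; they are never parsed as SQL.
        count = 0
        for row in self.conn.execute(self.sql, args):
            self.row_processor(row)
            count += 1
        return count


def make_db():
    # Constructed sample data, not a real OpenNMS schema.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE node (nodeid INTEGER PRIMARY KEY, nodelabel TEXT)")
    conn.executemany("INSERT INTO node VALUES (?, ?)",
                     [(1, "core-rtr"), (2, "db01"), (3, "o'neill-sw")])
    return conn


def legacy_lookup(conn, label):
    # "Before" form: the value is spliced into the statement text.
    sql = "SELECT nodeid FROM node WHERE nodelabel = '" + label + "' ORDER BY nodeid"
    return [row[0] for row in conn.execute(sql)]


def upgraded_lookup(conn, label):
    # "After" form: same query, value passed separately from the SQL text.
    ids = []
    querier = ParamQuerier(conn, "SELECT nodeid FROM node WHERE nodelabel = ? ORDER BY nodeid",
                           lambda row: ids.append(row[0]))
    querier.execute(label)
    return ids


if __name__ == "__main__":
    db = make_db()
    hostile = "x' OR '1'='1"  # constructed hostile label
    print("legacy:", legacy_lookup(db, hostile))
    print("parameterized:", upgraded_lookup(db, hostile))
```

The legacy form also breaks on a legitimate label containing an apostrophe, which makes such labels a convenient way to find unconverted queries during an upgrade.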