If you aren't familiar with these already, please take the time to read some
of these. While any application that uses SQL can be vulnerable to this,
using SQL in the Web container typically will increase your risk (not simply
because you are in the web container, but because multi-tiered systems
typically (or should) have more parameter validation).

http://www.4guysfromrolla.com/webtech/061902-1.shtml
http://www.securiteam.com/securityreviews/5DP0N1P76E.html
http://www.spidynamics.com/papers/SQLInjectionWhitePaper.pdf
http://www.ebcvg.com/articles.php?id=210
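As an added illustration (not code from this thread or from Cocoon), here is the risk the message above refers to in Python with sqlite3: a query built by string concatenation next to the same query with a bound parameter, plus the kind of input validation a middle tier should apply before any SQL is built. The users table and the sample input are constructed for the example.

```python
import sqlite3

# Constructed sample data (not from the thread): a tiny in-memory users table.
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users (id, name, role) VALUES (?, ?, ?)",
        [(1, "alice", "admin"), (2, "bob", "user"), (3, "carol", "user")],
    )
    return conn

def lookup_vulnerable(conn, name):
    # The pattern the thread warns about: the request parameter is pasted
    # straight into the SQL text, so quote characters in the input change
    # the structure of the query instead of being part of a value.
    sql = "SELECT id, name FROM users WHERE name = '" + name + "'"
    return conn.execute(sql).fetchall()

def lookup_safe(conn, name):
    # Bound parameter: the driver sends the input as a value, never as SQL,
    # so the same input is just a (non-matching) name string.
    return conn.execute(
        "SELECT id, name FROM users WHERE name = ?", (name,)
    ).fetchall()

def validate_name(name, max_len=32):
    # The "parameter validation" a multi-tiered design should have in front
    # of the data access layer: reject anything that cannot be a legitimate
    # user name before a query is even assembled.
    return name.isalnum() and len(name) <= max_len
```

Run lookup_vulnerable and lookup_safe with the same quoted input to see the first return every row and the second return none.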



-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] 
Sent: Tuesday, May 04, 2004 2:40 PM
To: '[EMAIL PROTECTED]'
Subject: RE: Vote: to unify, or not to unify - results



I recommend the use of xsp/esql ---> xml

when the needs are select-only queries.
It's very simple/clean and covers the needs in most cases.

I don't recommend this approach for update queries.

--stavros

On Tue, 4 May 2004, Ralph Goers wrote:

> I'm confused by your statement. Did you mean that xsp/esql is perfect in
> most cases for you (and your product website), or that you feel it is the
> "best" way to perform an SQL query and that it should be recommended to
> everyone? 
> 
> Ralph
> 
> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] 
> Sent: Tuesday, May 04, 2004 2:14 PM
> To: [EMAIL PROTECTED]
> Subject: Re: Vote: to unify, or not to unify - results
> let me put my two cents here
> 
> for select queries xsp/esql is great and the perfect _in_most_cases_ way.
> in most cases we create pipelines that make select queries and return the 
> content in xml format. then we call these pipelines, in most cases, internally.
> 
> 
> --stavros
> 
> 
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
> 
> 


---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
