From haragx at gmail.com  Fri Jun 25 08:31:25 2010
From: haragx at gmail.com (Phil Marneweck)
Date: Fri, 25 Jun 2010 10:31:25 +0200
Subject: [postmodern-devel] sql injection
Message-ID: <1277454685.19793.141.camel@scatha>

Hi

How susceptible are dao objects to sql injection, and what measures would
be suggested to prevent sql injection if it is possible with dao objects?

Thank You

From marijnh at gmail.com  Fri Jun 25 08:55:44 2010
From: marijnh at gmail.com (Marijn Haverbeke)
Date: Fri, 25 Jun 2010 10:55:44 +0200
Subject: [postmodern-devel] sql injection
In-Reply-To: <1277454685.19793.141.camel@scatha>
References: <1277454685.19793.141.camel@scatha>
Message-ID:

Hi Phil,

> How susceptible are dao objects to sql injection, and what measures would
> be suggested to prevent sql injection if it is possible with dao objects?

Unless I made a major blunder somewhere, proper use of s-sql and dao
objects is completely safe from sql injection. (Improper use would be
inserting an unescaped string using the :raw operator.)

Best,
Marijn

From haragx at gmail.com  Fri Jun 25 14:21:02 2010
From: haragx at gmail.com (Phil Marneweck)
Date: Fri, 25 Jun 2010 16:21:02 +0200
Subject: [postmodern-devel] sql injection
In-Reply-To:
References: <1277454685.19793.141.camel@scatha>
Message-ID: <1277475662.19793.156.camel@scatha>

Thanks, that is good news. I don't use the :raw operator.

On Fri, 2010-06-25 at 10:55 +0200, Marijn Haverbeke wrote:
> Hi Phil,
>
> > How susceptible are dao objects to sql injection, and what measures would
> > be suggested to prevent sql injection if it is possible with dao objects?
>
> Unless I made a major blunder somewhere, proper use of s-sql and dao
> objects is completely safe from sql injection. (Improper use would be
> inserting an unescaped string using the :raw operator.)
>
> Best,
> Marijn
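
The distinction drawn in the thread, between passing a value through s-sql and splicing a string in with the :raw operator, as an added example that is not part of the original messages and is not Postmodern's own code. It assumes Quicklisp is available to load s-sql; the `users` table, its `id` and `name` columns, the function names and the sample input are hypothetical.

```lisp
;; Added example. Assumes Quicklisp is installed; s-sql ships with Postmodern.
;; No database connection is needed: s-sql:sql only builds the query string.
(eval-when (:compile-toplevel :load-toplevel :execute)
  (ql:quickload :s-sql :silent t))

(defparameter *hostile-name* "x' OR '1'='1"
  "Constructed sample input standing in for untrusted user data.")

(defun safe-query (name)
  "Proper use: NAME is handed to s-sql as a Lisp value, so s-sql escapes it
and it can only ever appear as one quoted SQL string literal."
  (s-sql:sql (:select 'id :from 'users :where (:= 'name name))))

(defun unsafe-raw-query (name)
  "Improper use: :raw inserts its string into the statement as-is, so a
quote character in NAME ends the literal and the rest is parsed as SQL."
  (s-sql:sql (:select 'id :from 'users
              :where (:raw (concatenate 'string "name = '" name "'")))))

(defun escaped-raw-query (name)
  "If :raw cannot be avoided, escape the value first with
s-sql:sql-escape-string instead of concatenating it unescaped."
  (s-sql:sql (:select 'id :from 'users
              :where (:= 'name (:raw (s-sql:sql-escape-string name))))))

(defun show-queries (&optional (name *hostile-name*))
  "Print the three generated statements side by side for comparison."
  (format t "s-sql value : ~a~%" (safe-query name))
  (format t "raw, as-is  : ~a~%" (unsafe-raw-query name))
  (format t "raw, escaped: ~a~%" (escaped-raw-query name)))

(show-queries)
```

When reviewing a code base that uses s-sql, searching for `:raw` forms whose argument is built from anything other than a constant string finds the spots that need this check.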