On Mon, 10 Dec 2007, Hans-Christoph Steiner wrote:
Too often "reducing effort" is equated with typing shortcuts and things along
that line. I think putting everything into the [psql] object box is a version
of this. Things that are bigger concerns in the push to reduce effort are:
- reducing bugs!
- reducing time spent learning new objects
- reducing time spent remembering how to use objects
- making flexible programming easier rather than basic programming faster
add this:
- reducing risk of accidental SQL injection vulnerability
- reducing risk of intentional SQL injection vulnerability
- reducing to zero the effort required to protect against SQL injection
vulnerability
And if SQL injection vulnerabilities are assumed to have to be addressed
in the first place, then your interface is increasing the likelihood of bugs,
increasing time spent learning how to use objects _correctly_, increasing
how much there is to remember about how to get a SQL query right, and
making flexible programming harder (compared to a version that would work
the way I say, except that it would support replacing a placeholder-based query
by another placeholder-based query in case anyone ever needs this).
_ _ __ ___ _____ ________ _____________ _____________________ ...
| Mathieu Bouchard - tél:+1.514.383.3801, Montréal QC Canada
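An added illustration (not code from the thread, the [psql] object or Pd) of the two interface designs being argued over: one that pastes message content into the SQL text, and the placeholder-based one the reply asks for, where the object holds a fixed query and only values arrive as messages. It uses Python's built-in sqlite3 as a stand-in for PostgreSQL so it runs offline; the table, the sample rows and the odd-looking input are constructed for the demo, and the `PlaceholderQueryObject` class is a hypothetical sketch of the interface described, not an existing Pd object.

```python
import sqlite3


def make_db():
    """Constructed in-memory table standing in for the database a
    [psql]-like object would talk to."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE samples (name TEXT, path TEXT)")
    conn.executemany(
        "INSERT INTO samples VALUES (?, ?)",
        [("kick", "/snd/kick.wav"), ("snare", "/snd/snare.wav")],
    )
    conn.commit()
    return conn


def lookup_by_concat(conn, name):
    """The design the reply argues against: the message content becomes part
    of the SQL text, so the value can change what the query means."""
    sql = "SELECT path FROM samples WHERE name = '" + name + "'"
    return [row[0] for row in conn.execute(sql)]


def lookup_by_placeholder(conn, name):
    """Placeholder-based query: the SQL text is fixed and the value travels
    separately, so no value can alter the query's structure. This is why the
    effort to protect against injection is zero for the patch author."""
    rows = conn.execute("SELECT path FROM samples WHERE name = ?", (name,))
    return [row[0] for row in rows]


class PlaceholderQueryObject:
    """Hypothetical sketch of the interface the reply describes: the object
    holds one placeholder-based query, values arrive as messages, and the
    only way to change the query is to replace it with another
    placeholder-based query."""

    def __init__(self, conn, template):
        self.conn = conn
        self.template = template

    def set_query(self, template):
        # Replacing the whole template is the one supported way to change
        # the SQL; values never get spliced into it.
        self.template = template

    def send(self, *values):
        return [tuple(row) for row in self.conn.execute(self.template, values)]


def demo():
    conn = make_db()
    ordinary = "kick"
    # Constructed input: a plain string to the placeholder version, but SQL
    # syntax once it is concatenated into the query text.
    odd = "x' OR name <> 'x"
    obj = PlaceholderQueryObject(conn, "SELECT path FROM samples WHERE name = ?")
    results = {
        "concat_ordinary": lookup_by_concat(conn, ordinary),
        "concat_odd": lookup_by_concat(conn, odd),
        "placeholder_ordinary": lookup_by_placeholder(conn, ordinary),
        "placeholder_odd": lookup_by_placeholder(conn, odd),
        "object_odd": obj.send(odd),
    }
    obj.set_query("SELECT name, path FROM samples WHERE path = ?")
    results["object_after_swap"] = obj.send("/snd/snare.wav")
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

The concatenating lookup returns every row for the odd input because the quote character ends the literal early; the placeholder lookup and the query object return nothing for it, since the whole string is compared as a value. Swapping the template is the only way the object's SQL changes, which is the "replace a placeholder-based query by another placeholder-based query" case the reply mentions.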
_______________________________________________
PD-list@iem.at mailing list