With an admin application, you necessarily have to trust the content your users are adding. How far you trust them depends on the app, but in general, you have to assume they know what they're doing, and if they enter malicious code, that's what they wanted. I.e. it's policy enforcement, not technical enforcement.
cheers,
barneyb

On 8/25/05, Andy McShane <[EMAIL PROTECTED]> wrote:
> I will do. Another quick point, anybody who has had any experience with
> FCKeditor and saving the entered content into a SQL server database, are
> there any critical things to look out for i.e. any string replacement that
> needs to be done in order to save the content? Ways to prevent malicious
> code being entered?
>

--
Barney Boisvert
[EMAIL PROTECTED]
360.319.6145
http://www.barneyb.com/

Got Gmail? I have 50 invites.

