Thanks Barney, I was thinking along those lines, so your comments
help enforce my argument with my 'he who cannot be wrong' manager!

-----Original Message-----
From: Barney Boisvert [mailto:[EMAIL PROTECTED] 
Sent: 25 August 2005 18:30
To: CF-Talk
Subject: Re: FCKeditor & Fusebox4.1

With an admin application, you necessarily have to trust the content
your users are adding.  How far you trust them depends on the app, but
in general, you have to assume they know what they're doing, and if
they enter malicious code, that's what they wanted.  I.e. it's policy
enforcement, not technical enforcement.

cheers,
barneyb

On 8/25/05, Andy McShane <[EMAIL PROTECTED]> wrote:
> I will do. Another quick point, anybody who has had any experience with
> FCKeditor and saving the entered content into a SQL server database, are
> there any critical things to look out for i.e. any string replacement that
> needs to be done in order to save the content? Ways to prevent malicious
> code being entered?
> 

-- 
Barney Boisvert
[EMAIL PROTECTED]
360.319.6145
http://www.barneyb.com/

Got Gmail? I have 50 invites.


