Hi All, I have a form with some fields. For some fields I convert special characters from ASCII to their HTML entity names (" ' & < >) before saving into the database, to avoid cross-site scripting.
Do you think it's better to do these kinds of checks in the Service Layer, to keep the application's security concerns in only one point? Or do you think it's better to do these kinds of checks in the DAO.save() methods, to get better encapsulation and a more legible and clear service?

Thanks,
Ronan
