Well, assuming you have some sort of validation routine or CFC that you run the data through before saving it, you could just do it there.

On Wed, Jul 2, 2008 at 3:57 PM, Ronan Lucio <[EMAIL PROTECTED]> wrote:
>
> Hi All,
>
> I have a form with some fields.
> Some fields I use to convert special characters from ASCII to their HTML
> entity names (" ' & < >) before saving into the database,
> to avoid cross-site scripting.
>
> Do you think it's better to do these kinds of checks in the Service Layer
> to keep the application's security concerns in only one point,
> or
> do you think it's better to do these kinds of checks in the DAO.save()
> methods to get better encapsulation and a more legible and clear service?
>
> Thanks,
> Ronan
