I'd have some kind of validate method on the bean. Probably use it to call a composed validation bean. I'd put the logic there.
Best Wishes, Peter On Jul 2, 2008, at 3:59 PM, Brian Kotek wrote: > Well assuming you have some sort of validation routine or CFC that > you run the data through before saving it, you could just do it there. > > On Wed, Jul 2, 2008 at 3:57 PM, Ronan Lucio <[EMAIL PROTECTED]> > wrote: > > Hi All, > > I have a form with some fields. > Some fields I use to convert special characters from ASCII to it's > HTML > Entity Names (" ' & < >) before save into > database, > to avoid cross-site scripting. > > Do you think it's better to do these kind of checks in the Service > Layer > to keep application's security concerns in only one point. > or > Do you think it's better to do these kind of checks in the DAO.save() > methods to get a better encapsulation and a more legible and clear > service? > > Thanks, > Ronan > > > > > > --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "CFCDev" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/cfcdev?hl=en -~----------~----~----~----~------~----~------~--~---
