> And why is Torsten is talking about "filters"? At least *this* I can explain :)
A request should always be considered harmful - bad - and evil. You should never directly use request parameters directly to e.g. to construct a path or even a sql statement. (it's not totally bad currently because we use a prepare statment with e.g. esql - anyway) There should be a contract for the request parameters to keep your application as safe as possible. We don't have that yet and are now trying to add another way letting those possibly evil values into our system. I thought this should be taken into consideration... and so I came up with a possible concept. understandable? > gosh, don't you people > think we already have enough concepts and components and models and > names? I often really wished so... *sigh* ..but there is alway room for improvement. > Sorry for playing devil's advocate, but that's my self-inflicted role, > you know? :) we know ;) -- Torsten --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, email: [EMAIL PROTECTED]
