Speaking of protecting against SQL injection - is it generally known that DatabaseAuthenticatorAction.java is not using PreparedStatement? I wonder what logging in as Donald Ball'; DROP TABLE user_table;
would do...? Geoff Howard __________________________________________________ Do you Yahoo!? HotJobs - Search new jobs daily now http://hotjobs.yahoo.com/ --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, email: [EMAIL PROTECTED]
