On Tue, 2002-11-05 at 19:53, Geoff Howard wrote: > Speaking of protecting against SQL injection - is it > generally known that DatabaseAuthenticatorAction.java > is not using PreparedStatement? I wonder what logging > in as > Donald Ball'; DROP TABLE user_table; > > would do...?
Do you mind trying out and file a bug in bugzilla? ;) -- Torsten --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, email: [EMAIL PROTECTED]
