Dan Horne wrote: > The recent discussion on read only objects has got me wondering. Say one > has an app which basically sends result sets to TT templates. What stops > a malicious designer from doing DB updates in the templates since they > have the RS objects?
Make sure that the DBI connection that the templates use is of a db-user that only has SELECT privileges? Cheers, Dave _______________________________________________ List: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/dbix-class IRC: irc.perl.org#dbix-class SVN: http://dev.catalyst.perl.org/repos/bast/DBIx-Class/ Searchable Archive: http://www.grokbase.com/group/[email protected]
