-------- Original Message  --------
Subject: [Dbix-class] Read only resultsets
From: Dan Horne <[email protected]>
To: [email protected]
Date: Thu Aug 12 2010 01:08:08 GMT+0200 (CET)

The recent discussion on read only objects has got me wondering. Say one has
an app which basically sends result sets to TT templates. What stops a
malicious designer from doing DB updates in the templates since they have
the RS objects? I could mimic the DBI solution of returning arrayrefs of
hashrefs, but that doesn't allow for the chaining of methods to get related
resultsets, nor would it give me access to pagination info.


That's why I convert DBIx::Class objects to hashes or some MiddleLayer objects when returning data from the model (when I cannot trust what's done in templates). So before rendering, I have to think about what is needed in the View; all data must be retrieved and processed, and only then displayed.

Some extra work, but if I cannot trust TT ...

Read-only objects? Well, if it can be made read-only, it could probably also be made read-write.


--
pp

_______________________________________________
List: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/dbix-class
IRC: irc.perl.org#dbix-class
SVN: http://dev.catalyst.perl.org/repos/bast/DBIx-Class/
Searchable Archive: http://www.grokbase.com/group/[email protected]
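
One way to do the conversion described in the reply above, as an added example that is not code from either poster: it uses DBIx::Class's HashRefInflator result class to hand the view plain hashes plus copied pager numbers. The schema, table, sample rows and the `view_data` helper are constructed for illustration, and DBD::SQLite is assumed to be installed.

```perl
use strict;
use warnings;

# Constructed one-table schema (hypothetical names), defined inline.
package My::Schema::Result::Artist;
use base 'DBIx::Class::Core';
__PACKAGE__->table('artist');
__PACKAGE__->add_columns(qw/id name/);
__PACKAGE__->set_primary_key('id');

package My::Schema;
use base 'DBIx::Class::Schema';
__PACKAGE__->register_class(Artist => 'My::Schema::Result::Artist');

package main;
use Data::Dumper;
use DBIx::Class::ResultClass::HashRefInflator;

# Turn a resultset into plain data for the view: rows become hashrefs with no
# update/delete methods, and pager numbers are copied out of the pager object.
sub view_data {
    my ($rs) = @_;
    my $plain = $rs->search_rs;    # clone, so the caller's resultset is untouched
    $plain->result_class('DBIx::Class::ResultClass::HashRefInflator');
    my %out = (rows => [ $plain->all ]);
    if ($rs->is_paged) {
        my $pager = $rs->pager;
        $out{pager} = { map { $_ => $pager->$_ }
            qw/current_page last_page total_entries entries_per_page/ };
    }
    return \%out;
}

# In-memory SQLite database with constructed sample rows.
my $schema = My::Schema->connect('dbi:SQLite:dbname=:memory:');
$schema->storage->dbh_do(sub {
    my ($storage, $dbh) = @_;
    $dbh->do('CREATE TABLE artist (id INTEGER PRIMARY KEY, name TEXT)');
});
$schema->resultset('Artist')->populate([
    [qw/id name/], [1, 'Ann'], [2, 'Bob'], [3, 'Cy'],
]);

my $page = $schema->resultset('Artist')
    ->search(undef, { order_by => 'id', rows => 2, page => 1 });
my $data = view_data($page);

# Only $data goes into the template stash; it holds no DBIx::Class objects.
print Dumper($data);
```

Related rows can be included the same way by adding `prefetch` to the search before calling `view_data`, which makes HashRefInflator return them as nested hashes.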
