> On Mon, Jun 30, 2003 at 09:04:27AM -0400, Aubin Paul wrote:
>> <freevo>
>> <smart_playlist>select songs from music where
>> play_count=max(play_count) limit 25</smart_playlist>
>> </freevo>
>
> Actually, allowing a proper SQL query would be a security hole, so it
> should be something like this:
>
> <freevo>
> <smart_playlist>play_count=max(play_count) limit
> 25</smart_playlist>
> </freevo>
>
> The 'select songs from music where' part would be implied.

I think you can do subqueries in sqlite, so wouldn't that still leave it
open for arbitrary "SELECTS"? What would the security hole consist of,
other than the user deleting his own tables?

/ Krister

_______________________________________________
Freevo-devel mailing list
https://lists.sourceforge.net/lists/listinfo/freevo-devel
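
The point raised in this message, as an added example that is not part of the original thread or of Freevo's code: with an implied prefix, a configured fragment can still carry a subquery against another table, and an SQLite authorizer callback (a mitigation chosen for this example, not proposed in the thread) can confine the statement to reading `music`. The `title` column, the `settings` table, the sample rows and all function names are assumptions constructed for the demonstration.

```python
import sqlite3

# Assumed schema: the thread names only the table "music" and the column
# "play_count"; "title" and the "settings" table are constructed for this demo.
IMPLIED_PREFIX = "SELECT title FROM music WHERE "
ALLOWED_FUNCTIONS = {"max", "min", "lower", "upper", "length"}

def music_only(action, arg1, arg2, db_name, source):
    """Authorizer: permit SELECTs that read only music and call vetted functions."""
    if action == sqlite3.SQLITE_SELECT:
        return sqlite3.SQLITE_OK
    if action == sqlite3.SQLITE_READ and arg1 == "music":
        return sqlite3.SQLITE_OK
    if action == sqlite3.SQLITE_FUNCTION and arg2 in ALLOWED_FUNCTIONS:
        return sqlite3.SQLITE_OK
    return sqlite3.SQLITE_DENY  # writes, PRAGMA, ATTACH, reads of other tables

def open_db(restricted):
    """Build an in-memory database with constructed rows; optionally restrict it."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE music(title TEXT, play_count INTEGER);
        INSERT INTO music VALUES ('a', 3), ('b', 9), ('c', 9);
        CREATE TABLE settings(name TEXT, value TEXT);
        INSERT INTO settings VALUES ('remote_password', 'constructed-secret');
    """)
    if restricted:
        db.set_authorizer(music_only)  # installed after the sample data is loaded
    return db

def run_playlist(db, fragment):
    """Append the configured fragment to the implied prefix; None if rejected."""
    try:
        return sorted(row[0] for row in db.execute(IMPLIED_PREFIX + fragment))
    except sqlite3.DatabaseError:
        return None  # authorizer denial or invalid SQL

# A legitimate playlist that itself needs a subquery on music.
TOP_PLAYED = "play_count = (SELECT max(play_count) FROM music) LIMIT 25"
# A fragment whose subquery reads a table the playlist has no business touching.
READS_SETTINGS = "title <> (SELECT value FROM settings)"

if __name__ == "__main__":
    for restricted in (False, True):
        db = open_db(restricted)
        print(restricted, run_playlist(db, TOP_PLAYED), run_playlist(db, READS_SETTINGS))
```
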