And that is the developer who has left it open to that. Any sane developer would have put "parameters" in the query
> String q = "select from Employee where managerID == :user && lastName == > :name"; and there any vulnerability disappears. :-P Besides which the query written like that would also optimise far better -- You received this message because you are subscribed to the Google Groups "Google App Engine for Java" group. To post to this group, send email to google-appengine-j...@googlegroups.com. To unsubscribe from this group, send email to google-appengine-java+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/google-appengine-java?hl=en.
