"Gustav Brock" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED] > Hi Kevin > > > John works for George James and George James (his company) does a good > > "security risks within Cache" course. I know some of the readers have > > been on the course and it comes recommended. > > > > of course, like the old saying goes, "he could tell you, but then he > > would have to kill you ;-}" > > I doubt that would be the attitude of John; then he could just as well > sign off from the list. And I guess that the list members are so widely > spread that many of us are not potential participants to his local courses > anyway. > > Or are you saying that this security risk is an imaginary dog? That could > be why the manual doesn't mention it.
The risk *is* real. Rather than enabling the "Extrinsic Functions" option it is safer to leave this feature disabled and write SQL Stored Functions instead. See http://platinum.intersystems.com/csp/docbook/DocBook.UI.Page.cls?KEY=GSQL_procedures#GSQL_C10411 Note that the online docs about this feature are incorrect in my 5.0.4 installation. They state that the function name is formed only from the schema (package) name and the method name. The ones present at the URL above have been corrected - a stored function is called as schema.class_method() John Murray George James Software www.georgejames.com
