Thanks John, this is exactly what I needed!
/gustav
Hi Kevin
> John works for George James and George James (his company) does a good > "security risks within Cache" course. I know some of the readers have > been on the course and it comes recommended. > > of course, like the old saying goes, "he could tell you, but then he > would have to kill you ;-}"
I doubt that would be the attitude of John; then he could just as well
sign off from the list. And I guess that the list members are so widely
spread that many of us are not potential participants to his local courses
anyway.
Or are you saying that this security risk is an imaginary dog? That could
be why the manual doesn't mention it.
The risk *is* real. Rather than enabling the "Extrinsic Functions" option it
is safer to leave this feature disabled and write SQL Stored Functions instead. See
http://platinum.intersystems.com/csp/docbook/DocBook.UI.Page.cls?KEY=GSQL_procedures#GSQL_C10411
Note that the online docs about this feature are incorrect in my 5.0.4
installation. They state that the function name is formed only from the
schema (package) name and the method name. The ones present at the URL above
have been corrected - a stored function is called as schema.class_method()
John Murray George James Software www.georgejames.com
