Gertjan Klein wrote: > Denver Braughler wrote: > >> ... Added advantage of using a wrapper is that you can easily > >> Job expressions, classmethods etc., and set a default error trap. ... > > > >But also has a big disadvantage known as extrinsic function call can execute > >arbitrary code on the system. > Good point, and something well worth taking into consideration. I > wonder, though, if this would be exploitable? AFAIK, you either have > access to a Cach� system or you don't; I don't know if a #server()# > call (or equivalent) from a CSP page can be faked, as they are (to my > knowledge) always encrypted. Do you see a possible exploit?
How about an exploit by a disgruntled programmer? What if Cache' is released with a new hole? What if someday someone turns on SQL extrinsics? At the least, you might to change the tag to %JobEntry.
