Denver Braughler wrote: >> ... Added advantage of using a wrapper is that you can easily >> Job expressions, classmethods etc., and set a default error trap. ... > >But also has a big disadvantage known as extrinsic function call can execute >arbitrary code on the system.
Good point, and something well worth taking into consideration. I wonder, though, if this would be exploitable? AFAIK, you either have access to a Cach� system or you don't; I don't know if a #server()# call (or equivalent) from a CSP page can be faked, as they are (to my knowledge) always encrypted. Do you see a possible exploit? An alternative approach with the same advantages is passing in a Job ID number, that would map to one of a fixed number of jobs. At least the common features (job'ing class methods, setting up an error handler) would remain. (Obviously, if only one job needs to be called, all this overhead is unnecessary.) Gertjan. -- Gertjan Klein
