The implementer is the programmer that uses your class. True that SQL injection 
is only an issue with data from untrusted sources; if you get into a habit of 
"sanitizing" everything then you don't have to ever think about it when you're 
in a different environment. I think you're on the right track and I hope 
someday soon to get my head above water enough to "play with" it. Who knows, I 
might even come up with something to contribute back. :-)

Sent From My iPhone

On Jun 21, 2012, at 5:10 PM, Mark Miesfeld <[email protected]> wrote:

> On Thu, Jun 21, 2012 at 1:43 PM, Lee Peedin <[email protected]> wrote:
> > Converting a .nil to NULL would/should be the responsibility of the
> > implementer.
>  
> Hi Lee,
>  
> Not sure who you mean by the implementer here.  The implementer of the 
> .ooSQLite package, or the implementer of the program that uses the .ooSQLite 
> package.
>  
>  
>  
> > And the best place to do that would be in a sanitize routine that all column
> > values should be sent to prior to an insertion/update. That is if you want to
> > bypass the possibility of SQL injection.
>  
>  
> SQL injection is only a problem if you are using data coming from an 
> untrusted source.  So far what we are talking about is data coming from the 
> programmer himself.  So it is not untrusted.
>  
> In addition, what we are talking about is a single string, there are no 
> separate arguments for column values.
>  
> I think the place for a sanitizer routine is in the application that uses 
> .ooSQLite.
>  
> --
> Mark Miesfeld
> 
> ------------------------------------------------------------------------------
> Live Security Virtual Conference
> Exclusive live event will cover all the ways today's security and 
> threat landscape has changed and how IT managers can respond. Discussions 
> will include endpoint security, mobile security and the latest in malware 
> threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
> _______________________________________________
> Oorexx-devel mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/oorexx-devel
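Added example, not part of the original thread and not ooSQLite code: the sanitize routine discussed above, for the case where the statement is a single SQL string with no separate arguments for column values, checked against bound parameters. Assumptions: Python's sqlite3 module stands in for ooSQLite, `None` stands in for `.nil`, and the `contacts` table, the function names and the sample rows are hypothetical and constructed.

```python
import math
import sqlite3

def sql_literal(value):
    """Render one column value as a SQLite literal for a single-string statement."""
    if value is None:                      # None stands in for ooRexx .nil
        return "NULL"
    if isinstance(value, bool):
        return "1" if value else "0"
    if isinstance(value, (int, float)):
        if isinstance(value, float) and not math.isfinite(value):
            raise ValueError("non-finite number has no SQL literal")
        return repr(value)
    if isinstance(value, bytes):
        return "X'" + value.hex() + "'"    # SQLite blob literal
    text = str(value)
    if "\x00" in text:
        raise ValueError("NUL character not allowed in a text literal")
    # SQLite text literals escape a single quote by doubling it.
    return "'" + text.replace("'", "''") + "'"

def new_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE contacts (name TEXT, phone TEXT)")
    return conn

def insert_as_string(conn, name, phone):
    """Application-side sanitizing: every value goes through sql_literal()."""
    sql = "INSERT INTO contacts (name, phone) VALUES (%s, %s)" % (
        sql_literal(name), sql_literal(phone))
    conn.execute(sql)
    return sql

def insert_bound(conn, name, phone):
    """Reference behaviour: values never become part of the SQL text."""
    conn.execute("INSERT INTO contacts (name, phone) VALUES (?, ?)", (name, phone))

# Constructed sample rows: a quote, a missing value, SQL metacharacters, an empty string.
ROWS = [("O'Brien", None), ("x', 'y'); --", "555-0100"), ("Lee", "")]

def demo():
    a, b = new_db(), new_db()
    for name, phone in ROWS:
        insert_as_string(a, name, phone)
        insert_bound(b, name, phone)
    query = "SELECT name, phone FROM contacts ORDER BY rowid"
    return a.execute(query).fetchall(), b.execute(query).fetchall()

if __name__ == "__main__":
    stored_a, stored_b = demo()
    print(stored_a == stored_b == ROWS)
```

Both paths store the same rows, including a real NULL for the missing phone number and an empty string that stays distinct from NULL.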