Hi All,

SQL injection when using cursor.execute is one of our major issues and
concerns today.
For example:
A merge proposed yesterday is again subject to the same issue (refer:
https://code.launchpad.net/~frederic-declercq/openobject-addons/addons-fu/+merge/16205)

I found the last major fight here:
https://bugs.launchpad.net/openobject-server/+bug/422563 and the guidelines
here:
http://doc.openerp.com/contribute/developing_modules.html?highlight=sql%20injection#security

But I am not sure it works the way we want.

Can this community publish some guidelines about how to avoid these issues in
the code?

Regards
-- 
Sharoon Thomas
Business Analyst & ERP Consultant
http://bit.ly/5FAJKU