> > Well I suppose it could be an odd case of a string getting into the data
> > that can also be interpreted as code.
>
>AKA an SQL injection attack ;)

Yeah, imagine my chagrin.

My parser hacks up whatever comes in pretty well so I doubt anything 
coherent could survive to be executed. It would just throw an obscure 
error. Also generic validation code in my framework won't allow expressions 
like "&something" or "! this" or "EXEC anything" to get past the business 
object.

Ken
www.stic-cil.org
   


_______________________________________________
Post Messages to: [email protected]
Subscription Maintenance: http://leafe.com/mailman/listinfo/profox
OT-free version of this list: http://leafe.com/mailman/listinfo/profoxtech
Searchable Archive: http://leafe.com/archives/search/profox
This message: 
http://leafe.com/archives/byMID/profox/[email protected]
** All postings, unless explicitly stated otherwise, are the opinions of the 
author, and do not constitute legal or medical advice. This statement is added 
to the messages for those lawyers who are too stupid to see the obvious.
