Jim Hurley wrote:

> But there is certainly a nice generic quality to Do.
> "Never mind what, just Do it."

And in that lies one more reason to use "do" only with great care:

In areas where it may be affected by user inputs, it can become an injection vulnerability.

The rest of the language is reasonably secure, but "do", "value", and the other dynamically-interpreted commands can be quite risky when mixed with incoming data, which is often when they're most valuable, so it may help to be mindful of this and include sanitizing error checks on any strings sent to such commands.


Related:
<http://xkcd.com/327/>

--
 Richard Gaskin
 Fourth World Systems
 Software Design and Development for Desktop, Mobile, and Web
 ____________________________________________________________
 [email protected]        http://www.FourthWorld.com
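As an added illustration of the point above (example code, not from Richard's message or from LiveCode itself), here is a "do" call built from user input beside a version that validates the string first; the handler names, the regular expression and the assumption that tUserInput comes straight from a field or URL parameter are mine.

```livecode
-- Unsafe: whatever the user typed becomes part of the script that "do"
-- executes, so punctuation such as a semicolon or a line break in the
-- input can smuggle extra statements into the handler.
function unsafeEval tUserInput
   local tValue
   do "put " & tUserInput & " into tValue"
   return tValue
end unsafeEval

-- Checked: accept only what the feature actually needs (here, a whole
-- number of up to nine digits) before the string reaches "do".
-- Anything else is rejected and logged rather than executed.
function checkedEval tUserInput
   local tValue
   if matchText(tUserInput, "^-?[0-9]{1,9}$") then
      do "put " & tUserInput & " into tValue"
      return tValue
   else
      put "Rejected dynamic input: " & tUserInput & return after msg
      return empty
   end if
end checkedEval
```

In many cases the validated value can simply be used directly (`put tUserInput into tValue`) and "do" is not needed at all; the allow-list check is for the cases where it genuinely is.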


_______________________________________________
use-livecode mailing list
[email protected]
Please visit this url to subscribe, unsubscribe and manage your subscription 
preferences:
http://lists.runrev.com/mailman/listinfo/use-livecode