Yes, I understand and I agree with your point, and I have also read the security consideration written by Howard on his blog about SQL escaping. But we are trying to follow OWASP recommendations, and each layer should be protected, not only for SQL escaping. While others are already handled by Tapestry, this one is also important for older applications that do not use JPA implementations.

2010/1/7 Thiago H. de Paula Figueiredo <thiag...@gmail.com>

> On Wed, 06 Jan 2010 16:51:52 -0200, cordenier christophe <christophe.corden...@gmail.com> wrote:
>
>> Tapestry has a lot of security mechanisms regarding type control, method
>> events control... but SQL escaping is missing, this is my first goal but I
>> am writing a mechanism with an extensible and configurable list of codecs.
>
> IMHO, SQL escaping is something to be done at the persistence layer level,
> not at the presentation layer (Tapestry).
> By the way, using some object-relational mapping like Hibernate, JPA or
> iBatis solves the problem for you, as they do the escaping automatically.
>
> --
> Thiago H. de Paula Figueiredo
> Independent Java, Apache Tapestry 5 and Hibernate consultant, developer, and instructor
> Owner, software architect and developer, Ars Machina Tecnologia da Informação Ltda.
> http://www.arsmachina.com.br