Re: RFUC : aXML release 0.2.0
by chromatic (Archbishop) on Jul 17, 2011 at 23:22 UTC

    A malicious user could send a carefully crafted cookie and run arbitrary SQL in your database. Stop interpolating strings into SQL queries.

Re: RFUC : aXML release 0.2.0
by kejohm (Hermit) on Jul 18, 2011 at 00:01 UTC

    A small suggestion would be to rename the System::* packages to aXML::System::*. This would make it clear that they belong with this module and can avoid stomping on other modules' namespaces.

      Good idea, I'll do that for the next release!

Re: RFUC : aXML release 0.2.0
by locked_user sundialsvc4 (Abbot) on Jul 18, 2011 at 03:50 UTC

    It is not far wrong to say, “categorically,” that if you are using string variables to construct SQL queries in this way, “it is the kiss o’ death.” Query parameters have to be parameters. The logic needs to pass Test::Taint with flying colors.

    I wish I knew more about what “aXML” actually is, to better understand where this package is trying to go ... to better understand what problem or requirement it is trying to address ... why it is cool. I quite honestly don’t.

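The point chromatic and sundialsvc4 both make, shown in Perl DBI as an added example (not code from the thread or from aXML): the interpolated query lets a cookie value rewrite the statement, while the bound-parameter query treats it as data only. It assumes DBD::SQLite is installed and uses a constructed in-memory sessions table and a constructed cookie value.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use DBI;

# Constructed fixture: an in-memory SQLite table standing in for the
# application's session store. Nothing here is aXML's own schema.
my $dbh = DBI->connect('dbi:SQLite:dbname=:memory:', '', '',
    { RaiseError => 1, AutoCommit => 1 });
$dbh->do('CREATE TABLE sessions (id TEXT PRIMARY KEY, user TEXT)');
$dbh->do(q{INSERT INTO sessions VALUES ('abc123', 'alice')});

# Constructed cookie value: a session id that is not in the table but
# contains a quote, as any client is free to send.
my $cookie = q{' OR '1'='1};

# Vulnerable form: the cookie text becomes part of the SQL text, so the
# quote inside it changes what the statement means. Returns every row.
sub lookup_interpolated {
    my ($dbh, $sid) = @_;
    my $sql = "SELECT user FROM sessions WHERE id = '$sid'";
    return $dbh->selectcol_arrayref($sql);
}

# Hardened form: the statement is fixed at prepare time and the cookie
# value is passed as a bind value, so it is only ever compared as data.
# DBI's selectcol_arrayref takes (statement, \%attr, @bind_values).
sub lookup_bound {
    my ($dbh, $sid) = @_;
    return $dbh->selectcol_arrayref(
        'SELECT user FROM sessions WHERE id = ?', undef, $sid);
}

my $bad  = lookup_interpolated($dbh, $cookie);   # ['alice']: whole table matched
my $good = lookup_bound($dbh, $cookie);          # []: no such session id

printf "interpolated: %d row(s) (%s)\n", scalar @$bad,  join(',', @$bad);
printf "bound:        %d row(s) (%s)\n", scalar @$good, join(',', @$good);
```

Running under `perl -T` as sundialsvc4 suggests would additionally die on the interpolated form whenever `$cookie` is tainted request data, since DBI refuses tainted SQL text by default while bind values may be passed through.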