Re: date format
- From: "Peter H. Coffin" <hellsop@xxxxxxxxxxxxx>
- Date: Wed, 16 Sep 2009 07:40:40 -0500
On Tue, 15 Sep 2009 10:08:16 -0400, bill wrote:
> Captain Paralytic wrote:
>> I would certainly check for SQL injection since his statement: " (They
>> are generated from a javascript function that displays a calendar, so
>> I don't need to worry about sql injection.)" shows a woeful lack of
>> understanding of how data gets from the web page to his application.
>> The assumption that, if data is arriving at the application
>> (presumably as a result of a form post), it must have come from the
>> form that I made and no one has played with their own javascript is
>> just waiting for trouble.
>
> I agree with you. It is unlikely (but not impossible) in this
> setting as it is a non-web connected intranet with only 10
> trusted users. But, . . .

Habits are EVERYTHING. I certainly never know when I'm writing one thing
that it only and ever shall be used for exactly one purpose under one
set of conditions that I understand correctly and fully. Your app is
non-web connected right now, but it's difficult to think that someone
might not copy that calendar code for an external page sometime, or that
one of your ten trusted users would never get cheesed off at another of
the ten trusted users and want to foul up the other somehow.
--
45. I will make sure I have a clear understanding of who is responsible for
what in my organization. For example, if my general screws up I will not
draw my weapon, point it at him, say "And here is the price for failure,"
then suddenly turn and kill some random underling. --Evil Overlord List
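
The point argued in this thread, as an added example that is not code from any of the posters: the server re-validates the posted date itself and passes it to the database as a bound parameter, whatever the calendar widget in the browser was supposed to produce. The `YYYY-MM-DD` wire format, the `bookings` table and all function names are assumptions made for illustration.

```python
import sqlite3
from datetime import datetime

DATE_FORMAT = "%Y-%m-%d"  # assumed format emitted by the calendar widget


def parse_calendar_date(raw):
    """Return a date only if raw is exactly a valid YYYY-MM-DD string."""
    # The length check rejects unpadded forms such as "2009-9-16" that
    # strptime would otherwise accept, and anything with trailing text.
    if not isinstance(raw, str) or len(raw) != 10:
        return None
    try:
        return datetime.strptime(raw, DATE_FORMAT).date()
    except ValueError:
        # Wrong shape or an impossible calendar date (e.g. 30 February).
        return None


def bookings_on(conn, raw_date):
    """Validate the posted field, then query with a bound parameter."""
    day = parse_calendar_date(raw_date)
    if day is None:
        raise ValueError("rejected date field")
    # The value is bound, never concatenated into the SQL text, and it is
    # the re-serialised date object, not the string the client sent.
    cur = conn.execute(
        "SELECT who FROM bookings WHERE day = ? ORDER BY who",
        (day.isoformat(),),
    )
    return [row[0] for row in cur.fetchall()]


def demo_db():
    """Constructed sample data in an in-memory database."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE bookings (day TEXT, who TEXT)")
    conn.executemany(
        "INSERT INTO bookings VALUES (?, ?)",
        [("2009-09-16", "alice"), ("2009-09-16", "bob"),
         ("2009-09-17", "carol")],
    )
    return conn
```
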