> Another possibility is to use likeIgnoreCaseExp to pull in results, but
> then go in and manually filter out anything that's not an exact match
> in your code. That's probably the safest bet and the most portable.
> Of course, you then have to deal with the possibility that someone's
> password is "%".
After a good night's sleep I arrived at the same conclusion. I pass the
unmodified password to likeIgnoreCaseExp and then I do a String compare
against the password in the *first* record that matched.
I don't care about the case where escape chars used in passwords would
cause likeIgnoreCaseExp to not include the record in the query result.
The only thing I assume here is that it is safe to pass a string from
an attacker to likeIgnoreCaseExp().
-- Øyvind Harboe http://www.zylin.com