Re: Is matchExp case insensitive or not?

From: Tore Halset (halse..vv.ntnu.no)
Date: Wed Aug 02 2006 - 03:06:48 EDT


    On Aug 2, 2006, at 8:09, Øyvind Harboe wrote:

    > The only thing I assume here is that it is safe to pass a string from
    > an attacker to likeIgnoreCaseExp().

    It should be safe as Cayenne uses prepared statements, but some JDBC
    drivers have had security holes even for prepared statements. Typically
    drivers that expand the prepared statement on the client side and
    pass it on as a non-prepared statement.

    Storing clear-text passwords in the database is almost never a good
    solution. I mostly store a SHA-1 of the password.

      - Tore.
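
Added example, not part of the original message and not Cayenne or JDBC code: using Python's sqlite3 as a stand-in, it shows that a bound parameter keeps an attacker-supplied string out of the SQL text, while `%` and `_` inside that string still act as LIKE wildcards unless they are escaped. The table, sample rows and function names are constructed for illustration.

```python
import sqlite3


def make_db():
    """In-memory database with constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT)")
    db.executemany(
        "INSERT INTO users VALUES (?)",
        [("alice",), ("Bob",), ("100%_real",)],
    )
    return db


def like_bound(db, pattern):
    """Case-insensitive LIKE with the pattern sent as a bind parameter.

    The value never becomes part of the SQL text, so quotes in it are
    plain data. LIKE still interprets % and _ in the value as wildcards.
    """
    rows = db.execute(
        "SELECT name FROM users WHERE LOWER(name) LIKE LOWER(?) ORDER BY name",
        (pattern,),
    )
    return [r[0] for r in rows]


def escape_like(value, esc="\\"):
    """Escape the LIKE metacharacters so the value matches literally."""
    return (
        value.replace(esc, esc + esc)
        .replace("%", esc + "%")
        .replace("_", esc + "_")
    )


def like_literal(db, value):
    """Case-insensitive match where % and _ in the input are literals."""
    rows = db.execute(
        "SELECT name FROM users "
        "WHERE LOWER(name) LIKE LOWER(?) ESCAPE '\\' ORDER BY name",
        (escape_like(value),),
    )
    return [r[0] for r in rows]
```
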


