Dan Horne wrote:
The recent discussion on read only objects has got me wondering. Say one
has an app which basically sends result sets to TT templates. What stops
a malicious designer from doing DB updates in the templates since they
have the RS objects?
Make sure that the DBI connection that the templates use is of a db-user
that only has SELECT privileges?

Cheers, Dave

Search Discussions

Discussion Posts


Follow ups

Related Discussions



site design / logo © 2016 Grokbase