You are viewing a plain text version of this content. The canonical link for it is here.

Posted to jetspeed-user@portals.apache.org by Robert Gombotz <a9...@unet.univie.ac.at> on 2003/11/24 19:43:09 UTC

DatabaseBrowserTest Portal bug?

I had a look at the DatabaseBrowserTest Portal that comes with the Original distribution. if you customize that portlet, you can give it an sql-querystring. but this also works with INSERT INTO and DELETE statements. I can't imagine that it is desirable desirable to allow a standard user these actions.

any opinions on that?

Robert

Re: DatabaseBrowserTest Portal bug?

Posted by David Sean Taylor <da...@bluesunrise.com>.

On Monday, November 24, 2003, at 10:43  AM, Robert Gombotz wrote:

> I had a look at the DatabaseBrowserTest Portal that comes with the 
> Original distribution. if you customize that portlet, you can give it 
> an sql-querystring. but this also works with INSERT INTO and DELETE 
> statements. I can't imagine that it is desirable desirable to allow a 
> standard user these actions.
>
> any opinions on that?
>
> Robert
IMO its just an example, and its useful for people to try out different 
SQL statements, for learning purposes
You could simply disable it or...

we could submit a feature request where it disallows:

- any DML (or a list of SQL statements i.e. UPDATE, DELETE ....)
- any queries against a configurable list of tables

For me its just an example and I would remove the portlet in production


---------------------------------------------------------------------
To unsubscribe, e-mail: jetspeed-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: jetspeed-user-help@jakarta.apache.org