You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@cocoon.apache.org by Matt Jones <ig...@yahoo.com> on 2000/06/06 21:33:45 UTC

sql taglib security problem?

I noticed that if the the database is down, <query>
tags get expanded into the enclosed query string,
rather than an error message. This seems like a
security risk, maybe it should be more like the oracle
xsql tags that print an error message instead, like:

Oracle XSQL Servlet Page Processor 1.0.0.0
(Production)
XSQL-007: Cannot acquire a database connection to
process page.
ORA-01034: ORACLE not available

-Matt


__________________________________________________
Do You Yahoo!?
Yahoo! Photos -- now, 100 FREE prints!
http://photos.yahoo.com