how to replace and string in a "SELECT ... IN ()"
tino at wildenhain.de
Sat Sep 27 16:14:31 CEST 2008
Michael Mabin wrote:
> so you wouldn't object then to something like
> '.... in (%)' % ','.join([str_edit_for_exploit(x) for x in aList])
> if str_edit_for_exploit applied security edits?
What's a security edit btw? If it is something meant to turn possibly
insecure data into 'secure', then no, I would still object.
Why? Because it's a bad example of "default permit". It's always better
to have a whitelist - even more so when it's so easy to do.
It's just a habit you develop - if you never do it right, how would you
know when and how to do it right when you need to?
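The whitelist approach Tino argues for, as an added example that is not from the thread: the SQL text is shaped only by the number of values (one placeholder each) and the values themselves are bound by the driver, shown beside the quote-and-join variant under discussion. It uses sqlite3 with a constructed in-memory table; the function and column names are assumptions.

```python
import sqlite3


def make_db():
    """Constructed in-memory sample table so the example runs offline."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)")
    conn.executemany("INSERT INTO users (id, name) VALUES (?, ?)",
                     [(1, "alice"), (2, "bob"), (3, "o'brien")])
    return conn


def ids_by_name_interpolated(conn, names):
    """The approach discussed in the thread: values are quoted and joined
    into the SQL text. Every quoting rule of the backend has to be
    reproduced by the 'security edit'; anything it misses becomes SQL."""
    sql = "SELECT id FROM users WHERE name IN (%s) ORDER BY id" % ",".join(
        "'%s'" % n for n in names)
    return [row[0] for row in conn.execute(sql)]


def ids_by_name_parameterized(conn, names):
    """Whitelist-style: only the *count* of values shapes the SQL text
    (one '?' per value); the values are bound by the driver and are
    never parsed as SQL. SQLite caps the number of bound variables per
    statement, so very long lists need to be queried in chunks."""
    names = list(names)
    if not names:                     # IN () is a syntax error; short-circuit
        return []
    placeholders = ",".join("?" * len(names))
    sql = "SELECT id FROM users WHERE name IN (%s) ORDER BY id" % placeholders
    return [row[0] for row in conn.execute(sql, names)]


def interpolation_rejected(conn, names):
    """True when the interpolated query is rejected by the database, e.g.
    because a legitimate value such as o'brien breaks the hand-made quoting."""
    try:
        ids_by_name_interpolated(conn, names)
        return False
    except sqlite3.OperationalError:
        return True


if __name__ == "__main__":
    db = make_db()
    print(ids_by_name_parameterized(db, ["alice", "o'brien"]))  # [1, 3]
    print(interpolation_rejected(db, ["o'brien"]))              # True
```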