[Zope] Zope SQL injection

Andy Yates andy at nnu.com
Fri Mar 18 12:23:36 EST 2005


Could somebody either point me to an article or explain what precautions
should be taken to prevent SQL injection in Zope.  If user entered form
data is passed to a ZSQL method does something automajically db escape
the data or is the programmer responsible for doing this.  If the
programmer is responsible, how is it done in Zope?  Thanks!

 

Andy

 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mail.zope.org/pipermail/zope/attachments/20050318/c63d49aa/attachment.htm


More information about the Zope mailing list