Changeset - 71e3516c6e42
[Not reviewed]
0 1 0
http://wandborg.se/ Joar@web - 10 years ago 2013-11-20 20:09:18

1 file changed with 1 insertions and 1 deletions:
0 comments (0 inline, 0 general)
ExistingProjects/ERPNext.mdwn
...
 
@@ -15,7 +15,7 @@ The python code does not follow the guidelines in [PEP8](http://www.python.org/d
 

	
 
#### Database
 

	
 
wnframework contains a database model abstraction which is used in some places, though there are > 2000 places where raw SQL is composed using python's `'foo %' % ('bar')` string formatting. I have managed to cause some minor SQL injections, I have not yet found any places where I can cause significant damage / data loss.
 
wnframework contains a database model abstraction which is used in some places, though there are > 2000 places where raw SQL is composed using python's `'foo %s' % ('bar')` string formatting. I have managed to cause some minor SQL injections, I have not yet found any places where I can cause significant damage / data loss.
 

	
 
Not using a database abstraction model such as SQLAlchemy reduces storage portability and adds security overhead to ensure that no malicious queries can be executed.
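Review bot: the correction is right: `'foo %' % ('bar')` is not valid Python (a trailing `%` with no conversion character raises `ValueError: incomplete format`), so the old example could not describe what the raw-SQL call sites actually do, whereas `'foo %s' % ('bar')` does interpolate. Two small follow-ups on the same sentence: `('bar')` is a parenthesised string, not a one-element tuple, so `'foo %s' % 'bar'` or `'foo %s' % ('bar',)` would read more accurately; and since the paragraph's point is that `%`-formatted SQL is the injection surface, naming the mitigation next to it would help the reader, i.e. passing values as DB-API query parameters (`cursor.execute(sql, params)`) instead of formatting them into the query string.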
 

	