Maybe, but how would a user really know if the Select statement is valid or
not?
-----Original Message-----
From: Greg Gum [mailto:ProFox /at/ Avasoft DOT com]
Sent: Friday, October 31, 2003 2:31 PM
To: profoxtech@leafe.com
Subject: RE: [NF] Gates: You don't need perfect code for security
What if it was an unexpected SQL statement, ie came from a virus or
something? This would at least give you a clue something is going on.
Greg
-----Original Message-----
From: profoxtech-bounces /at/ leafe DOT com [mailto:profoxtech-bounces@leafe.com] On
Behalf Of allan lindgren
Sent: Friday, October 31, 2003 12:54 PM
To: profoxtech /at/ leafe DOT com
Speaking of security, I just had to do a work around for this. We are
testing our direct marketing module in Office 2003 (word 11). When the
user previews or prints a merged document, there is a new warning screen
that states "Opening this document will run the following SQL command:
SELECT * FROM C-3000G6YD Data from your database will be placed in the
document. Do you wish to continue? " MS states that this is part of
there new commitment to security. The dialog has a yes and no button. If
you push the YES button, you get the mail merge document with data. If
you push the NO button you get the mail merge document with data.
Question; How is this secure? ;-)
We are turning this off for our customers in the registry.
Allan Lindgren
mailto:allan_lindgren@starkey.com
> -----Original Message-----
> [mailto:profox-bounces /at/ leafe DOT com] On Behalf Of James Roark
>
> Subject: [NF] Gates: You don't need perfect code for security
>
>
[excessive quoting removed by server]
©2003 Crooks, David L. |
