W3C home > Mailing lists > Public > public-qt-comments@w3.org > November 2005

XQuery spec doesn't warn about injection attacks

From: Dan Connolly <connolly@w3.org>
Date: Mon, 28 Nov 2005 16:54:08 -0500
Message-Id: <3d474bd8ac0748c3042aa5098a5faa98@w3.org>
Cc: Thomas Roessler <tlr@w3.org>
To: public-qt-comments@w3.org 

SQL injection attacks are a well-known risk. Surely there's an analog 
for XQuery.
Please warn about them.

http://www.w3.org/TR/xquery/#id-security-considerations

(I spent (another) 10 minutes trying to get my bugzilla account working 
and failed. Rather
than punt to the someday pile, I'm sending mail. Sorry.)

-- 
Dan Connolly, W3C http://www.w3.org/People/Connolly/
Received on Monday, 28 November 2005 21:54:15 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Tuesday, 27 March 2012 18:14:42 GMT