[mythtv] Heads up: Smart playlists in MythMusic
Matt Zimmerman
mdz at debian.org
Mon Jan 26 21:41:35 EST 2004
On Mon, Jan 26, 2004 at 03:43:49PM -0700, Steele Price wrote:
> Embedding a WHERE clause is pretty safe here. If it's invalid its just
> going to barf it, so test for an invalid response.
Parsing SQL is non-trivial, but the likelihood of an invalid expression
doing anything harmful is pretty low.
> If you are worried about SQL Injection, you can add a security test for
> that which is alot faster than the parser would be.
The database is our configuration store; it is trusted. So as long as that
WHERE clause is built up through a dialog and not supplied by the user,
there's no problem.
--
- mdz
More information about the mythtv-dev
mailing list