Available Protection In Crystal

hello

Dec 27, 2010, 9:54:21 AM
to crystal
Hello,
I noticed your post on Twitter about how the new version will have
"better SQL Injection prevention", so naturally I am concerned about
the protection that Crystal provides, specifically through the word
"better".

If there are exploits found in Crystal or vulnerabilities that
developers should know about, please inform us. Moreover, can you
please list the ways in which Crystal escapes and protects data, as
going through classes and functions of this size can take long.

Thanks in advance,
-Developer AT-XE

Martin

Dec 27, 2010, 10:29:24 AM
to crystal
Hi,

In the beginning, Crystal was designed as a replacement for
CodeIgniter's ORM, and naturally I use the same SQL injection
prevention methods as CodeIgniter, but at least for me they don't
cover all the edge cases. Crystal 0.5 will use the same API as the
previous versions, but the backend will work a lot more like ZendDB
(it will use PDO, where available, transactions, parameter binding,
etc.)

AT-XE

Dec 27, 2010, 12:16:45 PM
to crystal
Thanks for the reply.
So is there any ETA for Crystal?
(Estimated time for arrival).

Martin

Dec 27, 2010, 12:26:06 PM
to crystal
There are some drafts for the new API, but I need to find the time to
hack on it. Probably I'll release one more 0.4 release with several
bug fixes for table joins, etc. And after that I'll work on the 0.5
branch.

So, that means - release date for the 0.5 branch - February 2011 :)
