On Aug 18, 2007, at 9:57 AM, Jason Troy wrote:
> On 8/15/07, Greg Willits wrote:
>> I have a question whether this practice I'm about to describe is
>> good, unnecessary, or just falls within the "whatever floats your
>> boat" category.
>
> I asked my co-workers your question - here's what a couple said....
Jason, thanks for the effort and the feedback.
Obviously the point isn't to use obscurity in lieu of actual
defensive programming against injection, I was just wondering how
many people did it as an extra "layer" (however thin it may be). The
more concentric rings of difficulty/defense, the better I figure.
These days I do it as much for separation of data/view as anything
else (so view/form code can interact with db, web services, etc).
As for extra work, I've created a general purpose mapper / ORM-ish
layer doing all the translation, and throughout the app I can use the
abstracted name, so it really doesn't feel like extra work at all
when coding -- even when creating new apps.
So, I guess it floats my boat, but it's not a tsunami.
-- greg willits
-------------------------------------------------------------------------
Sponsored by: Watchfire
The Twelve Most Common Application-level Hack Attacks
Hackers continue to add billions to the cost of doing business online
despite security executives' efforts to prevent malicious attacks. This
whitepaper identifies the most common methods of attacks that we have seen,
and outlines a guideline for developing secure web applications.
Download today!
https://www.watchfire.com/securearea/whitepapers.aspx?id=701500000008rSe--------------------------------------------------------------------------
