openerp-expert-framework team mailing list archive
Message #00070
SQL Injection issues
Hi All,
SQL injection when using cursor.execute is one of our major issues and
concerns today.
For example:
A merge proposed last day is again subject to the same issue: (Refer:
https://code.launchpad.net/~frederic-declercq/openobject-addons/addons-fu/+merge/16205)
I found the last major fight here:
https://bugs.launchpad.net/openobject-server/+bug/422563 and the guidelines
here:
http://doc.openerp.com/contribute/developing_modules.html?highlight=sql%20injection#security
But I am not sure it works the way we want.
Can this community publish some guidelines about how to avoid these issues in
the code?
Regards
--
Sharoon Thomas
Business Analyst & ERP Consultant
http://bit.ly/5FAJKU
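
The cursor.execute problem raised in this message, as an added example that is not part of the original post or of OpenERP's code: the same lookup written with string interpolation and with bound parameters, plus the two cases that plain binding does not cover (IN lists and column names). It assumes the standard-library sqlite3 driver as a stand-in for the PostgreSQL driver (sqlite3 uses `?` placeholders where psycopg2 uses `%s`); the `partner` table, its rows and all function names are constructed for illustration.

```python
import sqlite3

def make_db():
    # Constructed sample data; sqlite3 stands in for the real database driver.
    conn = sqlite3.connect(":memory:")
    cr = conn.cursor()
    cr.execute("CREATE TABLE partner (id INTEGER PRIMARY KEY, name TEXT, active INTEGER)")
    cr.executemany("INSERT INTO partner (id, name, active) VALUES (?, ?, ?)",
                   [(1, "Agrolait", 1), (2, "ASUStek", 1), (3, "Hidden Co", 0)])
    return conn, cr

def search_unsafe(cr, name):
    # Vulnerable: the value is pasted into the SQL text, so a quote inside
    # `name` changes the structure of the statement itself.
    cr.execute("SELECT id FROM partner WHERE active = 1 AND name = '%s'" % name)
    return sorted(row[0] for row in cr.fetchall())

def search_safe(cr, name):
    # The value travels separately from the SQL text and is bound by the driver.
    cr.execute("SELECT id FROM partner WHERE active = 1 AND name = ?", (name,))
    return sorted(row[0] for row in cr.fetchall())

def read_names(cr, ids):
    # IN lists: build one placeholder per element and bind the values;
    # only the placeholder string is interpolated, never the ids themselves.
    if not ids:
        return []
    marks = ", ".join("?" for _ in ids)
    cr.execute("SELECT name FROM partner WHERE id IN (%s) ORDER BY id" % marks,
               tuple(ids))
    return [row[0] for row in cr.fetchall()]

ALLOWED_ORDER = {"id", "name"}  # hypothetical allowlist of sortable columns

def list_ordered(cr, order_by):
    # Identifiers cannot be bound as parameters, so check them against a
    # fixed allowlist before they reach the SQL text.
    if order_by not in ALLOWED_ORDER:
        raise ValueError("unexpected ORDER BY column: %r" % (order_by,))
    cr.execute("SELECT name FROM partner WHERE active = 1 ORDER BY %s" % order_by)
    return [row[0] for row in cr.fetchall()]

if __name__ == "__main__":
    conn, cr = make_db()
    crafted = "x' OR '1'='1"  # constructed input containing a quote
    print("interpolated:", search_unsafe(cr, crafted))  # filter is bypassed
    print("bound:       ", search_safe(cr, crafted))    # treated as a plain name
```

A review rule that follows from this: any `%` or `+` applied to the first argument of cursor.execute deserves a second look unless what is interpolated is a generated placeholder string or an allowlisted identifier.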