[wp-hackers] idea: no SQL in themes

Robert Deaton false.hopes at gmail.com
Tue Nov 15 21:07:19 GMT 2005


I honestly think that there is no real way to stop database queries
from within themes, and I don't see the security benefit from it.
Sure, you may say stopping SQL from running would make it more secure,
but don't you think there are other areas we should be focusing
on...shell_exec, popen, etc. SQL should be the least of our worries,
and I don't think this sort of security is really much of a worry at
all.

On 11/15/05, David House <dmhouse at gmail.com> wrote:
> On 15/11/05, John Joseph Bachir <jjb at ibiblio.org> wrote:
> > What do people think of the idea of not allowing database calls in themes?
> > There would be an obvious security benefit, but also it would make it
> > easier for less geeky people to develop wordpress themes.
>
> I don't see any reason for positively banning SQL calls, but certainly
> providing a comprehensive API for all possible DB calls is a good
> idea.
>
> --
> -David House, dmhouse at gmail.com, http://xmouse.ithium.net
> _______________________________________________
> wp-hackers mailing list
> wp-hackers at lists.automattic.com
> http://lists.automattic.com/mailman/listinfo/wp-hackers
>


--
--Robert Deaton
http://somethingunpredictable.com

