[Dailydave] From blackbox to grey-box during Web App tests
Thomas Ptacek
tqbf at matasano.com
Sun Oct 14 09:56:18 EDT 2007
> Why don't more people just use Parameterized Stored Proceedures? Is it
> because there are implimentation issues or because people don't know
> about them? Whats your opinion?
I wonder that too. Also, why don't people just not write integer overflows?
With the snark bit cleared, I'll point out: lots of projects use
stored procedures, but have some patches of functionality (like query
builders) that are easiest to write with raw SQL.
--
---
Thomas H. Ptacek // matasano security
read us on the web: http://www.matasano.com/log
More information about the Dailydave
mailing list