wissel.net

wissel.net

Usability - Productivity - Business - The web - Singapore & Twins

One more reason to build Domino applications

Catching up on my blog reading I checked the http://www.joelonsoftware.com/items/2006/11/01.html on Joel on Software. Joel explains what an SQL injection bug is and how vulnerable a lot of sites are to that. An upcoming report from Mitre (cited here and here) claims that SQL injection and cross site scripting are rapidly becoming the attack vector #1 replacing buffer overflows as prevalent security hole. Joel had posted a solution how to avoid that quite a while ago. However this coding style doesn't seem to be too wide spread.
Of course you can use Domino for your web application and don't bother about SQL or if you can't live without SQL let DECS and LEI do the heavy lifting instead of "cleanscrubbing" your strings yourself.

Posted by on 01 November 2006 | Comments (3) | categories: IBM Notes Lotus Notes

Comments

  1. posted by Sean Burgess on Thursday 02 November 2006 AD:
    There are many times I wish that Domino has a built-in SQL interface for making my life easier when writing reports, but I am willing to do a little extra work to not have to deal with the SQL hacking that is prevalent throughout the internet.

    Sean---
  2. posted by Stephan H. Wissel on Thursday 02 November 2006 AD:
    Sean,
    you have a couple of options for reporting:
    - NotesSQL (co-production of Lotus and Crystal Reports) which turns Domino into an SQL datasource
    - DXL, XSLT, XSL/FO (get a good tool for writing that)
    - DB/2 integration in R7
    - DECS/LEI for the others
    - HTML in Domino (play with the content type to load it to Excel)
    - I think there is a data provider for Eclipse Birt
    - a bunch of commercial products

    Of course: a well designed Notes apps hardly needs reports (once you get that idea out of the heads of the users). We had that before :
    http://www.wissel.net/blog/d6plinks/SHWL-5QB3TN
    Emoticon smile.gif stw
  3. posted by Sean Burgess on Friday 03 November 2006 AD:
    I've done most of the above, with the exception of the DXL and Db2 stuff. And I know it keeps me employed that I know how to get the data out of Notes in just the right way, but it would sure be nice to be able to do a join and use the order by. Heck, I'd love to just be able to pass a value to get a sorted document collection. Something like dc.sort("duedate", 1) would be a wonderful thing, instead I have to figure out how to do it on my own. Emoticon sad.gif

    Sean---