Hi
does it make sense to include SQL validator in user settings?
First it has some dependencies (SOAP) and it really does not make sense to allow user to enable it unless they are satisfied (he will get only errors).
The more important is that I believe this is something what admin should control, as it makes connection to untrusted server, which could be easily used to some exploit if exploitable bug is found in SOAP extension or lower functions which SOAP extension do use. Also sending queries to third party is again something admin might don't want but user won't see it problematic.
So I think this option could be controlled by user only once admin has allowed it.
Michal Čihař a écrit :
Hi
does it make sense to include SQL validator in user settings?
First it has some dependencies (SOAP) and it really does not make sense to allow user to enable it unless they are satisfied (he will get only errors).
The more important is that I believe this is something what admin should control, as it makes connection to untrusted server, which could be easily used to some exploit if exploitable bug is found in SOAP extension or lower functions which SOAP extension do use. Also sending queries to third party is again something admin might don't want but user won't see it problematic.
So I think this option could be controlled by user only once admin has allowed it.
Indeed.
2010/7/27 Marc Delisle marc@infomarc.info:
Michal Čihař a écrit :
Hi
does it make sense to include SQL validator in user settings?
First it has some dependencies (SOAP) and it really does not make sense to allow user to enable it unless they are satisfied (he will get only errors).
The more important is that I believe this is something what admin should control, as it makes connection to untrusted server, which could be easily used to some exploit if exploitable bug is found in SOAP extension or lower functions which SOAP extension do use. Also sending queries to third party is again something admin might don't want but user won't see it problematic.
So I think this option could be controlled by user only once admin has allowed it.
Indeed.
Ok, removed.