> product... In the same category would then maybe be dynamic
> code injection, where source code is injected. But that is
> not a problem special to Groovy or special to dynamic
> languages, that is a problem that is possible for any
> language with scripting abilities... But in both cases of
> injection it is crucial not to have code (being SQL or
> something else) in http requests and to check all data that
> is given through the user.
Jochen, you are mostly arguing with web-based scenarios.
The injection problem can exist with scripting support in
enterprise applications too.
Consider scriptlets for business rules in an app's DB, or
configuration scripts or some DSL scripts started
dynamically from user space.
As the running engine (Groovy) is not restricted in its
feature set, it can do anything that the running Java
code can do.
Or am I wrong here?
KR
Det
BITMARCK Software GmbH
Paul-Klinger-Strasse 15, 45127 Essen
Essen District Court, HRB 20680
Managing Directors: Frank Krause, Andreas Prenneis