Subject: [xsl] document function serving up server script XML|
From: Steve <subsume@xxxxxxxxx>
Date: Fri, 23 Feb 2007 12:02:48 -0500
In many places around my site--which deals with sensitive data--my XSL calls upon the document function to ask a server script to retrieve and serve up database results in XML.
This script does not execute SQL arbitrarily, but based on its passed variables. However, this server script is set to ignore anything out of the house (originating from IP other than 192.168.0.7).
While this isn't XSL, per se, I'm sure someone out there has a similar method for getting live XML via document(). Or maybe its just bad practice in principle to rely on it so heavily?