Subject: Re: [xsl] document function serving up server script XML|
From: "Robert Koberg" <rob@xxxxxxxxxx>
Date: Sat, 24 Feb 2007 13:53:30 -0500
On 2/23/07, Steve <subsume@xxxxxxxxx> wrote:In many places around my site--which deals with sensitive data--my XSL calls upon the document function to ask a server script to retrieve and serve up database results in XML.
This script does not execute SQL arbitrarily, but based on its passed variables. However, this server script is set to ignore anything out of the house (originating from IP other than 192.168.0.7).
While this isn't XSL, per se, I'm sure someone out there has a similar method for getting live XML via document(). Or maybe its just bad practice in principle to rely on it so heavily?