Your choice of data storage has no relationship with your vulnerability to XSS. The only vulnerability you really care about (from a programming perspective) when picking an RDBMS is SQL Injection, and that's solved by DBI. Anything else is the purview of your DBA (you do have one, right?) and your sysadmin (you do have one of those, too, right?).
My criteria for good software:
- Does it work?
- Can someone else come in, make a change, and be reasonably certain no bugs were introduced?
| [reply] |
Like they said. Run your program in Taint mode and use placeholders in queries. That should hit most of your worries.
| [reply] |
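An added example, not part of either post above: the taint-mode-plus-placeholders advice from the second reply, sketched in Perl with DBI. It assumes DBD::SQLite is installed; the `users` table, the sample inputs and the helper names `untaint_name` and `lookup_secret` are constructed for illustration.

```perl
#!/usr/bin/perl -T
use strict;
use warnings;
use DBI;
use Scalar::Util qw(tainted);

# A zero-length slice of tainted built-ins; appending it marks a constructed
# string as tainted, standing in for a CGI parameter.
my $TAINT = substr("$0$^X", 0, 0);

# TaintIn: under -T, DBI refuses method arguments that are still tainted.
# Assumption: DBD::SQLite is available; the table and rows are constructed.
my $dbh = DBI->connect('dbi:SQLite:dbname=:memory:', '', '',
    { RaiseError => 1, PrintError => 0, TaintIn => 1 });
$dbh->do('CREATE TABLE users (name TEXT, secret TEXT)');
$dbh->do(q{INSERT INTO users VALUES ('alice', 'a1')});
$dbh->do(q{INSERT INTO users VALUES ('bob', 'b2')});

# Hypothetical helper: untaint by validation. Only a regex capture yields
# an untainted copy, so the whitelist pattern is the trust decision.
sub untaint_name {
    my ($raw) = @_;
    return $raw =~ /\A([A-Za-z0-9_]{1,32})\z/ ? $1 : undef;
}

# Hypothetical helper: the value travels as a bound parameter and is never
# parsed as SQL text.
sub lookup_secret {
    my ($name) = @_;
    my ($secret) = $dbh->selectrow_array(
        'SELECT secret FROM users WHERE name = ?', undef, $name);
    return $secret;
}

for my $raw ("alice" . $TAINT, "x' OR '1'='1" . $TAINT) {   # constructed inputs
    printf "input [%s] tainted=%d\n", $raw, tainted($raw) ? 1 : 0;

    # Interpolating the raw value into the SQL string dies on the TaintIn check.
    my $ok = eval { $dbh->selectall_arrayref(
        "SELECT secret FROM users WHERE name = '$raw'"); 1 };
    print "  interpolated query: ", ($ok ? "ran" : "refused by taint check"), "\n";

    my $name = untaint_name($raw);
    if (defined $name) {
        print "  placeholder query: ", lookup_secret($name) // 'no row', "\n";
    } else {
        print "  rejected by validation, no query issued\n";
    }
}
```

Start it as `perl -T script.pl` (or execute the file directly); Perl refuses a `-T` that appears only on the `#!` line when the script is launched as `perl script.pl`.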