This preaching applies to any programming language. It all depends
on how well you have done input and output validation, as in what input
you expect and what input is malicious for your app. If all goes well
you can make SQL injection very difficult or even impossible. The
reason I say difficult is because it all depends on how well the SQL
injection is crafted. As far as I recollect, I don't think JDBC, or for
that matter even Java, gives you a predefined class for doing that. But
there is quite a possibility that someone on the internet must
surely have written these classes.
2009/3/16 <lister (at) lihim (dot) org [email concealed]>:
> I've heard this preached before.
>
> Using JDBC properly can help protect against SQL Injection.
>
> What protections does JDBC provide?
>
> Does java encode the input to not be malicious?
>
> I'm curious where in the java source/libraries does jdbc help
> to mitigate malicious input when using jdbc.
>
>
>
>
--
Taufiq
http://www.niiconsulting.com/products/iso_toolkit.html
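Added worked example, not part of the thread above: the question asks what JDBC actually does with the input. The mechanism is the parameterized (prepared) statement, which JDBC exposes as PreparedStatement and which every mainstream database API offers in some form; the driver sends the SQL text and the bound values to the database separately, so a value is never parsed as SQL no matter what it contains. Nothing is "encoded"; the value simply never reaches the SQL parser. The block below uses Python's sqlite3 module instead of JDBC so it runs with no database driver; the users table, the names and the injection string are constructed for the example.

```python
import sqlite3

# Constructed sample data for the example; not taken from any real system.
USERS = [
    ("alice", "s3cret"),
    ("bob", "hunter2"),
    ("o'brien", "pw"),   # legitimate name containing a quote character
]

# A classic tautology payload used as the "password" field.
INJECTION = "' OR '1'='1"


def make_db():
    """Build an in-memory table of users for the demonstration."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, password TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", USERS)
    conn.commit()
    return conn


def login_vulnerable(conn, name, password):
    """SQL built by string concatenation: user input becomes part of the code."""
    sql = ("SELECT name FROM users WHERE name = '" + name
           + "' AND password = '" + password + "'")
    return sorted(row[0] for row in conn.execute(sql))


def login_parameterized(conn, name, password):
    """Same query with placeholders. The '?' marks are filled by the driver;
    the values are bound, not spliced into the SQL text. This is the same
    idea as JDBC's PreparedStatement with setString()."""
    sql = "SELECT name FROM users WHERE name = ? AND password = ?"
    return sorted(row[0] for row in conn.execute(sql, (name, password)))


def run_login(fn, conn, name, password):
    """Run a login function and report either its rows or a query error."""
    try:
        return {"rows": fn(conn, name, password), "error": None}
    except sqlite3.Error as exc:
        return {"rows": None, "error": type(exc).__name__}


def demo():
    """Compare both query styles on normal input, a tautology payload and a
    legitimate name containing an apostrophe."""
    conn = make_db()
    try:
        return {
            # Correct credentials: both styles return just alice.
            "vuln_normal": run_login(login_vulnerable, conn, "alice", "s3cret"),
            "param_normal": run_login(login_parameterized, conn, "alice", "s3cret"),
            # Tautology payload: concatenation turns the WHERE clause into
            # (name='alice' AND password='') OR '1'='1' and returns every user;
            # the bound value is just a string that matches no password.
            "vuln_injected": run_login(login_vulnerable, conn, "alice", INJECTION),
            "param_injected": run_login(login_parameterized, conn, "alice", INJECTION),
            # Honest data with a quote: concatenation produces a syntax error,
            # binding handles it without any escaping.
            "vuln_quote": run_login(login_vulnerable, conn, "o'brien", "pw"),
            "param_quote": run_login(login_parameterized, conn, "o'brien", "pw"),
        }
    finally:
        conn.close()


if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case:15} -> {result}")
```

The "vuln_quote" case is the practical reason binding beats hand-rolled escaping: parameterized queries are not only an injection defence, they also make the query correct for any input, so there is no separate escaping routine to get wrong.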