Web Application Security
JDBC protections against SQL Injection, Mar 16 2009 04:50PM, lister lihim org (1 reply)
Re: JDBC protections against SQL Injection, Mar 17 2009 04:32AM, Taufiq (tas0584 gmail com) (1 reply)
Good morning everyone,
The Java PreparedStatement class is there for you:
http://www.owasp.org/index.php/Preventing_SQL_Injection_in_Java
--
Marc-André Laverdière
Software Security Scientist
Innovation Labs, Tata Consultancy Services
Hyderabad, India
Taufiq wrote:
> Hey,
>
> This preaching is applicable to any programming language. It all depends
> on how well you have done input & output validation, as in what input
> you expect & what input is malicious for your app. If all goes well
> you can make SQL injection very difficult or even impossible. The
> reason I say difficult is because it all depends on how well the SQL
> injection is crafted. As far as I recollect, I don't think JDBC, or for
> that matter even Java, gives you a predefined class for doing that. But
> there is quite a possibility that someone on the internet must have
> surely written these classes.
>
> --
> Taufiq
> http://www.niiconsulting.com/products/iso_toolkit.html
>
>
>
> 2009/3/16 <lister (at) lihim (dot) org [email concealed]>:
>> I've heard this preached before.
>>
>> Using JDBC properly can help protect against SQL Injection.
>>
>> What protections does JDBC provide?
>>
>> Does Java encode the input to not be malicious?
>>
>> I'm curious where in the Java source/libraries JDBC helps
>> to mitigate malicious input when using JDBC.
>>
>
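The point Marc-André's link makes, shown in working code. This is an added example, not code from either poster or from the OWASP page: the class name JdbcInjectionDemo, the method names, the users table and the in-memory H2 JDBC URL are all assumptions made for the demonstration (any JDBC driver works the same way; only the URL and the jar on the classpath change). It puts the string-concatenated query next to the PreparedStatement version, and also shows the common mistake of concatenating input into the text handed to prepareStatement, which is no safer than a plain Statement.

```java
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Statement;

public class JdbcInjectionDemo {

    // Assumption: the H2 in-memory driver (h2-*.jar) is on the classpath.
    // Any other JDBC driver/URL behaves identically for this demonstration.
    static final String URL = "jdbc:h2:mem:demo;DB_CLOSE_DELAY=-1";

    // Constructed sample data, not taken from any real system.
    static void setup(Connection c) throws SQLException {
        try (Statement s = c.createStatement()) {
            s.execute("CREATE TABLE users (id INT PRIMARY KEY, name VARCHAR(64), secret VARCHAR(64))");
            s.execute("INSERT INTO users VALUES (1, 'alice', 'alice-secret'), (2, 'bob', 'bob-secret')");
        }
    }

    // VULNERABLE: the input is spliced into the SQL text. A quote in the
    // input closes the string literal and everything after it is parsed as SQL.
    static int countByNameUnsafe(Connection c, String name) throws SQLException {
        String sql = "SELECT COUNT(*) FROM users WHERE name = '" + name + "'";
        try (Statement s = c.createStatement(); ResultSet rs = s.executeQuery(sql)) {
            rs.next();
            return rs.getInt(1);
        }
    }

    // STILL VULNERABLE: using prepareStatement does nothing if the value was
    // already concatenated into the statement text. The protection comes from
    // the '?' placeholder and setXxx(), not from the class name.
    static int countByNameStillUnsafe(Connection c, String name) throws SQLException {
        String sql = "SELECT COUNT(*) FROM users WHERE name = '" + name + "'";
        try (PreparedStatement ps = c.prepareStatement(sql); ResultSet rs = ps.executeQuery()) {
            rs.next();
            return rs.getInt(1);
        }
    }

    // SAFE: the SQL text is fixed at compile time. The value is bound as a
    // parameter and is never parsed as SQL, whatever characters it contains.
    static int countByNameSafe(Connection c, String name) throws SQLException {
        String sql = "SELECT COUNT(*) FROM users WHERE name = ?";
        try (PreparedStatement ps = c.prepareStatement(sql)) {
            ps.setString(1, name);
            try (ResultSet rs = ps.executeQuery()) {
                rs.next();
                return rs.getInt(1);
            }
        }
    }

    public static void main(String[] args) throws SQLException {
        // Classic tautology payload: closes the literal, then makes the WHERE clause always true.
        String hostile = "x' OR '1'='1";
        try (Connection c = DriverManager.getConnection(URL)) {
            setup(c);
            System.out.println("Statement + concatenation, hostile input:         " + countByNameUnsafe(c, hostile));
            System.out.println("PreparedStatement + concatenation, hostile input: " + countByNameStillUnsafe(c, hostile));
            System.out.println("PreparedStatement + bound parameter, hostile:     " + countByNameSafe(c, hostile));
            System.out.println("PreparedStatement + bound parameter, 'alice':     " + countByNameSafe(c, "alice"));
        }
    }
}
```

Run against the two-row table above, the two concatenating methods report every row (the WHERE clause has been rewritten to a tautology), while the bound-parameter version reports zero rows for the hostile string and one for "alice". That also answers the "does Java encode the input?" question: a PreparedStatement does not filter or rewrite the input. With a real server-side prepared statement the driver sends the query text and the parameter values as separate things, so the value can never change the statement's structure; some drivers (MySQL Connector/J in its default client-side prepare mode, for example) instead escape the value and splice it in themselves, but the effect for the application is the same. Two caveats a practitioner should keep in mind: the placeholder only works for values, so table or column names and ORDER BY direction cannot be bound and must come from an allow-list, and the protection is per statement, so every query built with concatenation anywhere in the code base is still a hole.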