
All times are UTC - 5 hours [ DST ]



 Post subject: SQL injections for Hibernate Native Query Support
PostPosted: Thu Mar 12, 2009 11:00 am 
Newbie

Joined: Thu Mar 12, 2009 10:39 am
Posts: 1
Hello,
Hibernate is pretty safe from SQL injection as it uses PreparedStatement. I have been using Hibernate Native Query support heavily in my application, and as far as I have learnt, native query is not SQL injection safe. Is there any mechanism that can be set at the Hibernate layer to make it safe from SQL injection, rather than manually filtering all native queries for SQL injection? { I am using it quite heavily :( }

Please suggest!

--Ahsan Jamshaid....


 Post subject:
PostPosted: Thu Mar 12, 2009 6:55 pm 
Senior

Joined: Wed Sep 19, 2007 9:31 pm
Posts: 191
Location: Khuntien (Indonesia)
Here is the sample

Code:
Query q = session.createSQLQuery("select * from author a where a.name like :name");
q.setString("name", "Agustino");
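
Added example, not part of the original posts and not Hibernate's own code: the bound-parameter approach from the reply shown beside the concatenated form it replaces, extended to the two cases a single `setString` call does not cover (IN lists and ORDER BY columns). It assumes the Hibernate 3.x-era `Session`/`Query` API used in the reply; the `AuthorQueries` class, the `id` column and the `!` escape character are hypothetical.

```java
import java.util.Arrays;
import java.util.HashSet;
import java.util.List;
import java.util.Set;
import org.hibernate.Query;
import org.hibernate.Session;

// Added example: hypothetical DAO over the "author" table from the post.
public class AuthorQueries {

    // Columns allowed in ORDER BY; "name" is from the post, "id" is assumed.
    private static final Set<String> SORTABLE =
            new HashSet<String>(Arrays.asList("name", "id"));

    // UNSAFE, shown for contrast: user input becomes part of the SQL text.
    static List findByNameUnsafe(Session session, String name) {
        return session.createSQLQuery(
                "select * from author a where a.name like '" + name + "'").list();
    }

    // Safe: the SQL text is constant and the input travels as a bound value.
    static List findByNamePrefix(Session session, String prefix) {
        Query q = session.createSQLQuery(
                "select * from author a where a.name like :name escape '!'");
        q.setString("name", escapeLike(prefix) + "%");
        return q.list();
    }

    // A bound value is never parsed as SQL, but % and _ in it still act as
    // LIKE wildcards, so escape them when the input must match literally.
    static String escapeLike(String s) {
        return s.replace("!", "!!").replace("%", "!%").replace("_", "!_");
    }

    // IN lists: setParameterList binds one placeholder per element.
    static List findByNames(Session session, List<String> names) {
        Query q = session.createSQLQuery(
                "select * from author a where a.name in (:names)");
        q.setParameterList("names", names);
        return q.list();
    }

    // Identifiers cannot be bound, so check them against a fixed allow-list.
    static List listSorted(Session session, String sortColumn) {
        if (!SORTABLE.contains(sortColumn)) {
            throw new IllegalArgumentException("unsupported sort column");
        }
        return session.createSQLQuery(
                "select * from author a order by a." + sortColumn).list();
    }
}
```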


© Copyright 2014, Red Hat Inc. All rights reserved. JBoss and Hibernate are registered trademarks and servicemarks of Red Hat, Inc.