
All times are UTC - 5 hours [ DST ]



 Post subject: preventing SQL injection attacks
PostPosted: Mon Apr 24, 2006 1:30 pm 
Beginner

Joined: Sun May 02, 2004 8:04 am
Posts: 36
Hi,

We use HQL for generating queries in our code and recently a user asked about SQL injection attacks. I was wondering if there was any kind of useful method I could pass my user input to before doing the HQL that could transform quotes/parse out SQL commands, etc. to make my life easier. I understand that in general every query needs to be treated differently, but something that could be useful as a first pass would be nice.


Thanks, Jason


 Post subject:
PostPosted: Mon Apr 24, 2006 1:41 pm 
Beginner

Joined: Fri Feb 17, 2006 1:28 pm
Posts: 24
From what I know, Hibernate uses PreparedStatements, but I might be wrong. In which case, SQL injection is far less likely to be a threat to your database.


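An added example, not part of the original thread and not Hibernate's own code: the same HQL lookup written with string concatenation and with a bound named parameter, which is how user input ends up as a PreparedStatement value instead of query text. It goes one step past the thread by also showing an allow-list for a query part that cannot be bound. The `Account` entity, the method names and the Hibernate 6 / Jakarta Persistence API level are assumptions, and a configured `Session` is passed in by the caller.

```java
import java.util.List;
import jakarta.persistence.Entity;
import jakarta.persistence.Id;
import org.hibernate.Session;

// Hypothetical entity, used only for this example.
@Entity
class Account {
    @Id Long id;
    String owner;
}

public class HqlBindingExample {

    // UNSAFE: user input becomes part of the HQL text. Hibernate still sends a
    // PreparedStatement to the database, but the injected condition is already
    // in the query by then. Constructed input: x' or '1'='1 matches every row.
    static List<Account> findByOwnerConcatenated(Session session, String owner) {
        String hql = "from Account a where a.owner = '" + owner + "'";
        return session.createQuery(hql, Account.class).getResultList();
    }

    // SAFE: the HQL text is a constant and the input is bound as a named
    // parameter, so it reaches the database only as a value of the
    // PreparedStatement. Quotes in the input need no escaping.
    static List<Account> findByOwner(Session session, String owner) {
        return session.createQuery("from Account a where a.owner = :owner", Account.class)
                .setParameter("owner", owner)
                .getResultList();
    }

    // Parts of a query that cannot be bound (here the sort property) are
    // chosen from a fixed allow-list instead of being copied from the input.
    static List<Account> findByOwnerSorted(Session session, String owner, String sortBy) {
        String column = List.of("id", "owner").contains(sortBy) ? sortBy : "id";
        return session.createQuery(
                "from Account a where a.owner = :owner order by a." + column, Account.class)
                .setParameter("owner", owner)
                .getResultList();
    }
}
```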
 
© Copyright 2014, Red Hat Inc. All rights reserved. JBoss and Hibernate are registered trademarks and servicemarks of Red Hat, Inc.