-->
These old forums are deprecated now and set to read-only. We are waiting for you on our new forums!
More modern, Discourse-based and with GitHub/Google/Twitter authentication built-in.

View unanswered posts | View active topics


Board index » Hibernate & Java Persistence » Hibernate Users

All times are UTC - 5 hours [ DST ]


Forum locked This topic is locked, you cannot edit posts or make further replies.  Page 1 of 1
  [ 1 post ] 
  Previous topic | Next topic 
Author Message
khanmurtuza
 Post subject: sql injection attack
PostPosted: Thu Oct 29, 2009 10:15 am 
Newbie

Joined: Thu Oct 29, 2009 10:12 am
Posts: 1
Few days back there was an audit and the report was the application was vulnerable to sql injection attack,

we query the database by calling

List result = session.createQuery("from LoginInfo where loginName = :loginName and password is null")
.setString("loginName", info.getLoginName())
.list();

I ran some test and could not find anything, can anyone please help me in understanding why its broken and how can it be fixed.

Thank You
Top
 Profile  
 
Display posts from previous:  Sort by  
Forum locked This topic is locked, you cannot edit posts or make further replies.  Page 1 of 1
  [ 1 post ] 

Board index » Hibernate & Java Persistence » Hibernate Users

All times are UTC - 5 hours [ DST ]

You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum

Search for:
© Copyright 2014, Red Hat Inc. All rights reserved. JBoss and Hibernate are registered trademarks and servicemarks of Red Hat, Inc.