Security Basics mailing list archives
SQL Injections and Hibernate
From: Linux Security <linux_sec () yahoo co uk>
Date: Wed, 6 Jun 2007 14:01:17 +0200 (CEST)
Hello All, How secure is a java web application that uses ONLY hibernate to access a database from sql injections? As far as I know and understand, the hibernate layer will determine the sql statements that are going to hit the database, and this makes it much more secure than the developer creating the sql using JDBC, and having to check the user input for sql injections, but is there a way for a mallicious user of the application to inject sql and (maybe) bypass the Hibernate layer? Thank you in advance ___________________________________________________________ Yahoo! Mail is the world's favourite email. Don't settle for less, sign up for your free account today http://uk.rd.yahoo.com/evt=44106/*http://uk.docs.yahoo.com/mail/winter07.html
Current thread:
- SQL Injections and Hibernate Linux Security (Jun 06)
- Re: SQL Injections and Hibernate AdityaK (Jun 06)