Security Basics mailing list archives

SQL Injections and Hibernate


From: Linux Security <linux_sec () yahoo co uk>
Date: Wed, 6 Jun 2007 14:01:17 +0200 (CEST)


Hello All,

How secure is a Java web application that uses ONLY Hibernate to access a database from SQL injections?

As far as I know and understand, the Hibernate layer will determine the SQL statements that are going to hit the database, and this makes it much more secure than the developer creating the SQL using JDBC, and having to check the user input for SQL injections, but is there a way for a malicious user of the application to inject SQL and (maybe) bypass the Hibernate layer?

Thank you in advance 



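As an added illustration (not part of the original post), the Java sketch below shows where the boundary the question asks about lies: Hibernate only decides the SQL when the HQL text itself is constant. The `Account` entity, its `owner` and `createdAt` properties, and the class and method names are hypothetical, and Hibernate is assumed to be on the classpath with that entity mapped.

```java
import java.util.List;
import java.util.Set;
import org.hibernate.Session;

// Assumption: a mapped entity named Account with properties "owner" and
// "createdAt" exists; it is hypothetical and not taken from the post.
public class AccountQueries {

    // Property names that callers may sort by (identifiers cannot be bound
    // as parameters, so they are checked against a fixed allow-list).
    private static final Set<String> SORTABLE = Set.of("owner", "createdAt");

    // UNSAFE: the user-supplied value becomes part of the HQL text.
    // Hibernate parses the whole string as a query, so the input can alter
    // the query's structure before any SQL is generated.
    static List<?> findByOwnerConcatenated(Session session, String owner) {
        return session
                .createQuery("from Account a where a.owner = '" + owner + "'")
                .list();
    }

    // SAFE: the HQL text is a constant. The value is passed as a named
    // parameter and is sent to the database as a bound value, never as
    // query text.
    static List<?> findByOwnerBound(Session session, String owner) {
        return session
                .createQuery("from Account a where a.owner = :owner")
                .setParameter("owner", owner)
                .list();
    }

    // SAFE dynamic ordering: the only text ever appended to the query is
    // one of the constants in SORTABLE; anything else is rejected.
    static List<?> listSorted(Session session, String sortField) {
        if (!SORTABLE.contains(sortField)) {
            throw new IllegalArgumentException("unsupported sort field");
        }
        return session
                .createQuery("from Account a order by a." + sortField)
                .list();
    }
}
```

The same distinction applies to native SQL issued through Hibernate: a query string assembled from user input is no safer than hand-built JDBC SQL, while bound parameters keep the input out of the statement text.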

