WebApp Sec mailing list archives
JDBC protections against SQL Injection
From: lister () lihim org
Date: Mon, 16 Mar 2009 11:50:49 -0500
I've heard this preached before. Using JDBC properly can help protect against SQL Injection. What protections does JDBC provide? Does java encode the input to not be malicious? I'm curious where in the java source/libraries does jdbc help to mitigate malicious input when using jdbc.
Current thread:
- JDBC protections against SQL Injection lister (Mar 16)
- Re: JDBC protections against SQL Injection τ∂υƒιφ * (Mar 16)
- Re: JDBC protections against SQL Injection Marc-André Laverdière (Mar 16)
- Re: JDBC protections against SQL Injection private private (Mar 17)
- RE: JDBC protections against SQL Injection Dave Wichers (Mar 17)
- Re: JDBC protections against SQL Injection Marc-André Laverdière (Mar 16)
- Re: JDBC protections against SQL Injection τ∂υƒιφ * (Mar 16)
- <Possible follow-ups>
- Re: Re: JDBC protections against SQL Injection jjs_ritasa (Mar 18)
- Re: Re: JDBC protections against SQL Injection Pete Jansson (Mar 19)
- Re: Re: JDBC protections against SQL Injection lister (Mar 19)
- Re: JDBC protections against SQL Injection Rogan Dawes (Mar 19)
- Re: JDBC protections against SQL Injection Florian Weimer (Mar 19)
- Re: JDBC protections against SQL Injection Rohit Sethi (Mar 24)
- Re: Re: JDBC protections against SQL Injection Pete Jansson (Mar 19)