SQL Injections and Hibernate
- From: Linux Security <linux_sec@xxxxxxxxxxx>
- Date: Wed, 6 Jun 2007 14:01:17 +0200 (CEST)
Hello All,
How secure is a java web application that uses ONLY hibernate to access a database from sql injections?
As
far as I know and understand, the hibernate layer will determine the
sql statements that are going to hit the database, and this makes it
much more secure than the developer creating the sql using JDBC, and
having to check the user input for sql injections, but is there a way
for a mallicious user of the application to inject sql and (maybe)
bypass the Hibernate layer?
Thank you in advance
___________________________________________________________
Yahoo! Mail is the world's favourite email. Don't settle for less, sign up for
your free account today http://uk.rd.yahoo.com/evt=44106/*http://uk.docs.yahoo.com/mail/winter07.html
- Follow-Ups:
- Re: SQL Injections and Hibernate
- From: AdityaK
- Re: SQL Injections and Hibernate
- Prev by Date: Re: When the program was installed
- Next by Date: Re: SQL Injections and Hibernate
- Previous by thread: Re : When the program was installed
- Next by thread: Re: SQL Injections and Hibernate
- Index(es):
Relevant Pages
|
