cayenne-user mailing list archives

From Tore Halset <>
Subject Re: Is matchExp case insensitive or not?
Date Wed, 02 Aug 2006 07:06:48 GMT
On Aug 2, 2006, at 8:09, Øyvind Harboe wrote:

> The only thing I assume here is that it is safe to pass a string from
> an attacker to likeIgnoreCaseExp().

It should be safe as Cayenne uses prepared statements, but some JDBC
drivers have had security holes even for prepared statements. Typically
drivers that expand the prepared statement on the client side and
pass it on as a non-prepared statement.

Storing clear text passwords in the database is almost never a good
solution. I mostly store a SHA-1 of the password.

  - Tore.
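
The difference between a bound parameter and client-side expansion of a prepared statement, as an added example that is not part of the original message and is not Cayenne or JDBC driver code. It assumes Python's `sqlite3` as a stand-in database; the `account` table, its rows, and the helpers `naive_expand` and `careful_expand` are hypothetical and constructed for illustration.

```python
import sqlite3

SQL = "SELECT login FROM account WHERE login LIKE ?"

def make_db():
    """In-memory table holding constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE account (login TEXT, note TEXT)")
    db.executemany("INSERT INTO account VALUES (?, ?)",
                   [("alice", "a"), ("bob", "b"), ("carol", "c")])
    return db

def lookup_bound(db, value):
    """The value travels separately from the SQL text and is never parsed as SQL."""
    return sorted(row[0] for row in db.execute(SQL, (value,)))

def naive_expand(sql, value):
    """Hypothetical flawed client-side expansion: the value is pasted into the
    statement text inside quotes, but embedded quotes are not escaped."""
    return sql.replace("?", "'" + value + "'", 1)

def careful_expand(sql, value):
    """Client-side expansion that doubles embedded single quotes, which is the
    string-literal escaping rule for SQLite."""
    return sql.replace("?", "'" + value.replace("'", "''") + "'", 1)

def lookup_expanded(db, value, expand):
    """Runs the statement as plain SQL text after client-side expansion."""
    return sorted(row[0] for row in db.execute(expand(SQL, value)))

if __name__ == "__main__":
    db = make_db()
    hostile = "x' OR '1'='1"  # constructed input containing a quote
    print("bound:         ", lookup_bound(db, hostile))
    print("naive expand:  ", lookup_expanded(db, hostile, naive_expand))
    print("careful expand:", lookup_expanded(db, hostile, careful_expand))
    # SQLite's LIKE ignores ASCII case by default, so this finds 'alice'.
    print("bound, benign: ", lookup_bound(db, "ALICE"))
```

With client-side expansion, safety rests entirely on the expander's escaping being complete for the target database's literal syntax; with a server-side bind there is no statement text for the value to alter.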