click-dev mailing list archives

From Bob Schellink <sab...@gmail.com>
Subject Re: How sure is Click against SQL injections?
Date Mon, 29 Mar 2010 09:11:42 GMT
Hi George,

ORMs like Hibernate/JPA/Cayenne take care of SQL injection by using prepared statements. If
you use raw JDBC you should use prepared statements as well.

See the defense strategies mentioned here:
   http://www.owasp.org/index.php/Preventing_SQL_Injection_in_Java


kind regards

bob

On 29/03/2010 12:30 AM, georgex wrote:
>
> How sure is Click against SQL injections?
> I mean a typical Click application like Click-Examples - but without Spring
> (where the average programmer doesn't add an extra layer of checking - but
> it's using Click as default).
>
> Thanks,
> George.

