db-torque-dev mailing list archives

From Thomas Fischer <fisc...@seitenbau.net>
Subject Re: Proposal for Automatic text escaping and overflow checking
Date Tue, 04 Oct 2005 09:17:02 GMT




I was also under the impression that Torque has no problems with these
vulnerabilities.
String escaping is definitely handled by the DB driver because prepared
statements are used for the inserts and updates. My understanding is that
range checks are also handled either by the db driver or the database.

Greg, do you have an example where you have actually seen anything
problematic?

    Thomas


Thomas Vandahl <thomas.vandahl@tewisoft.de> schrieb am 04.10.2005 08:34:00:

> Greg Monroe wrote:
> > limited length strings like SQL does.  Java has no concept of special
> > characters in strings that need to be delimited like SQL does.  How can

> > ensuring that this mapping is done properly NOT be part of the O/R
> > layer's responsibilities?
>
> AFAICS, Torque does the quoting of special SQL chars just fine. I see no
> real need for an extension here.
>
> IMO, range checks are not an O/R layer issue, you can even rely on the
> database throwing an error to get this. Keep it simple.
>
> Bye, Thomas.
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: torque-dev-unsubscribe@db.apache.org
> For additional commands, e-mail: torque-dev-help@db.apache.org
>


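The two claims made in this message, that quoting is the driver's job once prepared statements are used and that an over-length value can simply be left to the database to reject, shown side by side as an added example. This is not Torque's code or any poster's; it is a stand-alone Python script using the sqlite3 module with a constructed `author` table. SQLite ignores the declared width of `VARCHAR(n)`, so a `CHECK (length(name) <= 16)` constraint stands in for the column length limit a server database such as MySQL or PostgreSQL enforces on its own. The concatenating query is the deliberately unsafe half of the comparison.

```python
import sqlite3

# Constructed schema, not from Torque. The CHECK constraint emulates the
# fixed column width that SQLite would otherwise not enforce.
SCHEMA = """
CREATE TABLE author (
    id   INTEGER PRIMARY KEY,
    name TEXT NOT NULL CHECK (length(name) <= 16)
);
"""
SEED = [(1, "alice"), (2, "bob")]


def fresh_db() -> sqlite3.Connection:
    """In-memory database with two seed rows."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    conn.executemany("INSERT INTO author (id, name) VALUES (?, ?)", SEED)
    return conn


def find_by_name_concat(conn: sqlite3.Connection, name: str) -> list:
    """Unsafe: the statement is assembled by string concatenation, so the
    application would have to escape quotes itself, and here it does not."""
    sql = "SELECT id, name FROM author WHERE name = '" + name + "'"
    return conn.execute(sql).fetchall()


def concat_query_fails(conn: sqlite3.Connection, name: str) -> bool:
    """True when the concatenated query is no longer valid SQL for this
    value (e.g. a name containing an apostrophe)."""
    try:
        find_by_name_concat(conn, name)
        return False
    except sqlite3.OperationalError:
        return True


def find_by_name_param(conn: sqlite3.Connection, name: str) -> list:
    """Prepared statement: the driver binds the value as data, so quote
    characters in it can never become SQL syntax."""
    return conn.execute(
        "SELECT id, name FROM author WHERE name = ?", (name,)
    ).fetchall()


def insert_param(conn: sqlite3.Connection, id_: int, name: str) -> str:
    """Insert via a prepared statement. Returns 'ok' when the row was
    stored, or 'rejected' when the database refused it, which is the
    'let the database throw' approach to length checking."""
    try:
        with conn:
            conn.execute(
                "INSERT INTO author (id, name) VALUES (?, ?)", (id_, name)
            )
        return "ok"
    except sqlite3.IntegrityError:
        return "rejected"


if __name__ == "__main__":
    db = fresh_db()
    payload = "' OR '1'='1"
    print("concat:", find_by_name_concat(db, payload))   # every row leaks
    print("param: ", find_by_name_param(db, payload))    # no match
    print("concat breaks on O'Brien:", concat_query_fails(db, "O'Brien"))
    print("insert O'Brien:", insert_param(db, 3, "O'Brien"))
    print("read back:", find_by_name_param(db, "O'Brien"))
    print("insert 17 chars:", insert_param(db, 4, "x" * 17))
```

The same value behaves as an injection against the concatenated query, as a harmless literal against the bound one, and the 17-character name is refused by the database itself without any check in the application layer. Whether a declared column width is enforced this strictly depends on the database and its SQL mode, so confirm it for the target engine rather than assuming it.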