db-torque-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Adrian Paleacu <adrian.pale...@gmail.com>
Subject Re: Torque and SQL Injection
Date Mon, 08 Aug 2011 11:58:55 GMT
Hi Thomas,

 Torque 3.2 also implements  SqlExpression.quoteAndEscapeText

Regards,

Adrian



On Fri, Aug 5, 2011 at 5:22 PM, Thomas Fox <Thomas.Fox@seitenbau.net> wrote:

> Torque 3.3 escapes Strings in Queries(see method
> org.apache.torque.util.SqlExpression.quoteAndEscapeText(String, DB)), so
> SQL injection should not be a problem.
> The current Torque 4 trunk uses Prepared statements throughout, which is
> probably even better.
>
>     Thomas
>
> Adrian Paleacu <adrian.paleacu@gmail.com> schrieb am 05.08.2011 16:14:10:
>
> > Von:
> >
> > Adrian Paleacu <adrian.paleacu@gmail.com>
> >
> > An:
> >
> > torque-user@db.apache.org
> >
> > Datum:
> >
> > 05.08.2011 16:14
> >
> > Betreff:
> >
> > Torque and SQL Injection
> >
> > Hi everyone,
> >
> > I'm wondering how safe is torque on sql injection attacks, I dind't fine
> any
> > official page on that.
> >
> >
> > Regards,
> >
> > Adrian
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: torque-user-unsubscribe@db.apache.org
> For additional commands, e-mail: torque-user-help@db.apache.org
>
>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message