ibatis-user-java mailing list archives

From Zoran Avtarovski <zo...@sparecreative.com>
Subject OT: Preventing sql injection attack
Date Thu, 21 Feb 2008 04:40:54 GMT
We have a web application with an ajax autocomplete text box. The problem is
that currently the query statement for the ajax query is :

Select * from table where column LIKE '$value$%'

Which is susceptible to SQL injection attacks.

One solution is to have a separate connection pool with read-only
privileges, but this seems blunt and doesn't prevent malicious access to
sensitive data. 


Is there a better way of doing this?


Z.
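The two mapping styles side by side, as an added example that is not part of Zoran's message or of iBATIS itself. It uses Python with an in-memory SQLite database standing in for the real table (the `customers` table, its columns and its rows are constructed for the demo). `autocomplete_vulnerable` does what `LIKE '$value$%'` does in an iBATIS map: the raw string is pasted into the SQL text before it reaches the driver. `autocomplete_safe` does what `LIKE #value#` does: the string travels as a bound parameter and the trailing wildcard is appended in application code. It also covers the caveat that binding alone does not handle: `%` and `_` typed by the user are still LIKE wildcards, so they are escaped and the ESCAPE character is declared.

```python
import sqlite3

# Constructed sample data standing in for the poster's "table";
# nothing here comes from the original thread.
SAMPLE_ROWS = [
    ("alice", "alice@example.com"),
    ("albert", "albert@example.com"),
    ("bob", "bob@example.com"),
]


def make_db():
    """Build a throwaway in-memory database with the sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE customers (name TEXT, email TEXT)")
    conn.executemany("INSERT INTO customers VALUES (?, ?)", SAMPLE_ROWS)
    return conn


def autocomplete_vulnerable(conn, value):
    """Equivalent of iBATIS  LIKE '$value$%'.

    The user-controlled value is spliced into the SQL text, so a quote
    in it terminates the literal and the rest is executed as SQL.
    """
    sql = "SELECT name FROM customers WHERE name LIKE '%s%%'" % value
    return [row[0] for row in conn.execute(sql)]


def escape_like(value, esc="\\"):
    """Escape LIKE metacharacters so the user's text matches literally.

    The escape character itself is doubled first, then '%' and '_'.
    """
    return (value.replace(esc, esc + esc)
                 .replace("%", esc + "%")
                 .replace("_", esc + "_"))


def autocomplete_safe(conn, value):
    """Equivalent of iBATIS  LIKE #value#  with the '%' appended in code.

    The value is passed as a bound parameter, so it can never change the
    shape of the statement; ESCAPE tells the database which character
    escape_like() used, so '%' and '_' in the input are not wildcards.
    """
    sql = "SELECT name FROM customers WHERE name LIKE ? ESCAPE '\\'"
    pattern = escape_like(value) + "%"
    return [row[0] for row in conn.execute(sql, (pattern,))]


if __name__ == "__main__":
    db = make_db()
    # Normal prefix lookup works the same either way.
    print(autocomplete_vulnerable(db, "al"), autocomplete_safe(db, "al"))
    # A quote breaks out of the literal in the vulnerable form and a
    # UNION pulls a different column: exactly the "access to sensitive
    # data" a read-only pool does not stop.
    payload = "' UNION SELECT email FROM customers --"
    print(autocomplete_vulnerable(db, payload))
    print(autocomplete_safe(db, payload))
    # A bare '%' is a wildcard in the vulnerable form and a literal in
    # the safe one.
    print(autocomplete_vulnerable(db, "%"), autocomplete_safe(db, "%"))
```

In an iBATIS 2 sqlmap the hardened statement is `SELECT * FROM table WHERE column LIKE #value#`, with the caller passing the escaped prefix plus `%` as the parameter; `#...#` is bound through a PreparedStatement, `$...$` is plain text substitution. The read-only pool from the message is still worth keeping as defence in depth, but the example shows why it is not a fix on its own: a read-only connection answers the UNION query just as happily.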


