ignite-user mailing list archives

From Alexey Kukushkin <kukushkinale...@gmail.com>
Subject Re: sql Injection prevention in ignite
Date Mon, 21 Aug 2017 10:30:06 GMT

Yes, Ignite prevents SQL injection.

Also, I think PreparedStatement is not about preventing you from SQL
injection. PreparedStatement is about compiling a query so that it can be
efficiently re-used if executed multiple times. What prevents SQL
injection is binding parameters instead of concatenating them and making
them part of the SQL. If you check
IgniteH2Indexing.preparedStatementWithParams() you would find that this is
exactly what Ignite does - it binds parameters to the statement.

On Mon, Aug 21, 2017 at 10:18 AM, kotamrajuyashasvi <
kotamrajuyashasvi@gmail.com> wrote:

> Hi
> Using PreparedStatement of JDBC we can avoid/prevent SQL injection. Does
> *SqlFieldsQuery.setArgs(..)* in Ignite also have the same functionality to
> prevent SQL injection, or are there any other ways to prevent SQL injection
> in Ignite?
> --
> View this message in context: http://apache-ignite-users.
> 70518.x6.nabble.com/sql-Injection-prevention-in-ignite-tp16321.html
> Sent from the Apache Ignite Users mailing list archive at Nabble.com.

Best regards,
