Marcelo Bello wrote:
I am developing a web application that MUST be safe.

I am searching for a Java lib that can check a string to be both:

- HTML safe (replacing '<' with '&gt' etc... );
- SQL safe;

SQL safeness is critical, because strings typed by the user will be used to
generate a SQL statement. I can't allow users to input a "malicious"
string that would end up allowing them to execute arbitrary SQL
statements.

Can you expand on SQL safe? Normally in Java you would use PreparedStatements and have the user data set as parameters, so a user doesn't actually write the SQL themselves. But if you are letting someone write the SQL themselves, then what do you mean by "safe"? select only these tables? select and update? select update delete but not bulk delete? insert?


--
Serge Knystautas
President
Lokitech >> software . strategy . design >> http://www.lokitech.com
p. 301.656.5501
e. [EMAIL PROTECTED]
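
The PreparedStatement point in the reply above, as an added example (this is not code from either poster or from any library discussed in the thread). It puts the string-concatenated query next to the parameterized one, shows that table names cannot be bound as parameters and so need an allowlist, and keeps HTML escaping as a separate output step. The class name, the sample table and rows, and the input string are all constructed for the example; it assumes a JDBC driver for the given URL is on the classpath (by default sqlite-jdbc with an in-memory database) and Java 9 or later for Set.of.

```java
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Statement;
import java.util.Set;

public class SafeQueryDemo {

    // Constructed sample input: the classic "always true" fragment a user might type.
    static final String MALICIOUS_INPUT = "x' OR '1'='1";

    // UNSAFE: user text is pasted into the SQL text, so the quote in the input
    // closes the literal and the rest of the input becomes SQL the user wrote.
    static int countUnsafe(Connection c, String userName) throws SQLException {
        String sql = "SELECT COUNT(*) FROM users WHERE name = '" + userName + "'";
        try (Statement st = c.createStatement(); ResultSet rs = st.executeQuery(sql)) {
            rs.next();
            return rs.getInt(1);
        }
    }

    // SAFE: the statement text is fixed; the user data is bound as a parameter
    // and is only ever treated as a value, never as part of the SQL.
    static int countSafe(Connection c, String userName) throws SQLException {
        String sql = "SELECT COUNT(*) FROM users WHERE name = ?";
        try (PreparedStatement ps = c.prepareStatement(sql)) {
            ps.setString(1, userName);
            try (ResultSet rs = ps.executeQuery()) {
                rs.next();
                return rs.getInt(1);
            }
        }
    }

    // Identifiers (table or column names) cannot be bound with '?', so if the
    // user may choose a table, accept only names from a fixed allowlist rather
    // than trying to escape the user's text. (Hypothetical allowlist.)
    static final Set<String> QUERYABLE_TABLES = Set.of("users", "orders");

    static int countRowsIn(Connection c, String table) throws SQLException {
        if (!QUERYABLE_TABLES.contains(table)) {
            throw new IllegalArgumentException("table not permitted: " + table);
        }
        try (Statement st = c.createStatement();
             ResultSet rs = st.executeQuery("SELECT COUNT(*) FROM " + table)) {
            rs.next();
            return rs.getInt(1);
        }
    }

    // HTML safety is an output-encoding step applied when the value is rendered
    // into a page, not a transformation of what is stored in the database.
    static String htmlEscape(String s) {
        StringBuilder sb = new StringBuilder(s.length());
        for (char ch : s.toCharArray()) {
            switch (ch) {
                case '<':  sb.append("&lt;");   break;
                case '>':  sb.append("&gt;");   break;
                case '&':  sb.append("&amp;");  break;
                case '"':  sb.append("&quot;"); break;
                case '\'': sb.append("&#39;");  break;
                default:   sb.append(ch);
            }
        }
        return sb.toString();
    }

    public static void main(String[] args) throws SQLException {
        // Assumption: a JDBC driver for this URL is on the classpath, e.g.
        // sqlite-jdbc for the default in-memory SQLite database.
        String url = args.length > 0 ? args[0] : "jdbc:sqlite::memory:";
        try (Connection c = DriverManager.getConnection(url);
             Statement st = c.createStatement()) {
            // Constructed sample schema and rows.
            st.execute("CREATE TABLE users (name VARCHAR(64))");
            st.execute("INSERT INTO users VALUES ('alice'), ('bob'), ('carol')");
            st.execute("CREATE TABLE orders (id INTEGER)");

            System.out.println("unsafe count: " + countUnsafe(c, MALICIOUS_INPUT));
            System.out.println("safe count:   " + countSafe(c, MALICIOUS_INPUT));
            System.out.println("orders rows:  " + countRowsIn(c, "orders"));
            System.out.println("escaped:      " + htmlEscape("<b>" + MALICIOUS_INPUT + "</b>"));
        }
    }
}
```

Run against the constructed table, countUnsafe matches every row because the injected OR clause is evaluated as SQL, whereas countSafe matches no row because no user is literally named x' OR '1'='1. Note that neither escaping nor a "SQL safe" check on the input is what protects the second query: the protection is that the query text and the data travel to the database separately.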

