[ http://wso2.org/jira/browse/MASHUP-638?page=comments#action_15401 ]

Tyrell Perera commented on MASHUP-638:
--------------------------------------

I checked and verified this with the Registry team before our 1.0 release. They use Java 'prepared statements'. So if we 'assume' that they are using it correctly, we are safe from SQL injection attacks. I tried some common SQL injection attacks using our search page and failed, which is good news.

> Sanitize SQL?
> -------------
>
>                 Key: MASHUP-638
>                 URL: http://wso2.org/jira/browse/MASHUP-638
>             Project: WSO2 Mashup Server
>          Issue Type: Wish
>            Reporter: Jonathan Marsh
>         Assigned To: Channa Gunawardena
>
> Are we sure there isn't the potential for abuse through injected sql at any
> point in the interface?
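
Added example, not part of the original message and not WSO2 code: the comment's conclusion rests on prepared statements being used correctly, that is, the search term bound as a parameter (in JDBC, a `?` placeholder filled with `setString`) rather than concatenated into the statement text. The sketch uses Python's sqlite3 as a stand-in for JDBC so it runs stand-alone; the table, columns, rows and probe strings are constructed.

```python
import sqlite3

# Constructed sample data; table and column names are hypothetical.
ROWS = [("digg-feed", 1), ("tomato-tube", 1), ("draft-internal", 0)]

# Constructed probe strings of the kind a search-page test would submit.
PROBES = ["' OR '1'='1", "x%' OR public = 0 --", "'"]

def open_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE mashups (name TEXT, public INTEGER)")
    db.executemany("INSERT INTO mashups VALUES (?, ?)", ROWS)
    return db

def search_concatenated(db, term):
    # Misuse: the term is spliced into the SQL text before it is prepared,
    # so the database parses it as SQL. Preparing this string does not help.
    sql = ("SELECT name FROM mashups WHERE public = 1 "
           "AND name LIKE '%" + term + "%'")
    return [row[0] for row in db.execute(sql)]

def search_bound(db, term):
    # Correct use: constant SQL text, term passed as a bound parameter,
    # so it is only ever compared as data.
    sql = ("SELECT name FROM mashups WHERE public = 1 "
           "AND name LIKE '%' || ? || '%'")
    return [row[0] for row in db.execute(sql, (term,))]

def failing_probes(search, db):
    """Probes that make `search` raise an SQL error or return a private row."""
    private = {name for name, public in ROWS if not public}
    failed = []
    for probe in PROBES:
        try:
            hits = set(search(db, probe))
        except sqlite3.Error:
            failed.append(probe)  # input reached the SQL parser
            continue
        if hits & private:
            failed.append(probe)
    return failed

if __name__ == "__main__":
    db = open_db()
    print("concatenated:", failing_probes(search_concatenated, db))
    print("bound:       ", failing_probes(search_bound, db))
```

The first probe passes even against the concatenated query, so a clean black-box run is weaker evidence than confirming in code that every user-supplied value is bound.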
