Geoff Longman wrote:

>Has anyone out there given any serious thought towards a strategy for
>preventing these kinds of attacks in Tapestry forms?
>
>examples:
>
>http://www.securiteam.com/securityreviews/5DP0N1P76E.html
>  
>
I know it's not what you asked, but it seems to me that SQL injection is
not an issue when you use an object relational mapper like cayenne or
hibernate, and (from what I can tell) rarely anyone works directly with
raw SQL anymore.
This immunity simply has to do with the fact that protection from such
an attack is already integrated into the mapper so anything you pass it
should be fairly safe.

This question has been asked, but you might have been looking in the
wrong place (Tapestry related, instead of ORM related) or you simply
don't presume your friend/colleague will use an ORM:
http://forum.hibernate.org/viewtopic.php?t=929908&highlight=mysql+jdbc+driver
http://jroller.com/comments/larrywilliams?anchor=secure_and_successful_posting_with
http://www.sitepoint.com/forums/showthread.php?t=271353

For what it's worth, it seems that yes, using prepared statements also
does the trick, but it's been so long since I last had to work at that
level... :)

Cheers,
Tomislav
