Geoff Longman wrote:
> Has anyone out there given any serious thought towards a strategy for
> preventing these kinds of attacks in Tapestry forms?
>
> examples:
>
> http://www.securiteam.com/securityreviews/5DP0N1P76E.html
>

I know it's not what you asked, but it seems to me that SQL injection is not an issue when you use an object relational mapper like Cayenne or Hibernate, and (from what I can tell) rarely anyone works directly with raw SQL anymore. This immunity simply has to do with the fact that protection from such an attack is already integrated into the mapper, so anything you pass it should be fairly safe.

This question has been asked, but you might have been looking in the wrong place (Tapestry related, instead of ORM related) or you simply don't presume your friend/colleague will use an ORM:

http://forum.hibernate.org/viewtopic.php?t=929908&highlight=mysql+jdbc+driver
http://jroller.com/comments/larrywilliams?anchor=secure_and_successful_posting_with
http://www.sitepoint.com/forums/showthread.php?t=271353

For what it's worth, it seems that yes, using prepared statements also does the trick, but it's been so long since I last had to work at that level... :)

Cheers,
Tomislav
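The mechanism the reply refers to, both inside a mapper and at the JDBC level, is parameter binding: the SQL text is fixed and user input is sent separately as data. The following is an added example written for this page, not code from the thread, Tapestry, Hibernate or Cayenne. It places the string-concatenation form beside the `PreparedStatement` form and runs both against a constructed `users` table with an input containing a single quote; the connection URL assumes an H2 in-memory driver on the classpath, which is an assumption of this example, not something the thread states.

```java
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Statement;

public class PreparedStatementDemo {

    // Concatenation form: the user-supplied value becomes part of the SQL text,
    // so any quote character in it is read by the database's parser as syntax.
    static int countByUsernameUnsafe(Connection c, String username) throws SQLException {
        String sql = "SELECT COUNT(*) FROM users WHERE name = '" + username + "'";
        try (Statement st = c.createStatement(); ResultSet rs = st.executeQuery(sql)) {
            rs.next();
            return rs.getInt(1);
        }
    }

    // Bound-parameter form: the SQL text never changes; the driver transmits the
    // value as data, so quotes in it are compared literally, never parsed.
    static int countByUsernameSafe(Connection c, String username) throws SQLException {
        String sql = "SELECT COUNT(*) FROM users WHERE name = ?";
        try (PreparedStatement ps = c.prepareStatement(sql)) {
            ps.setString(1, username);
            try (ResultSet rs = ps.executeQuery()) {
                rs.next();
                return rs.getInt(1);
            }
        }
    }

    public static void main(String[] args) throws SQLException {
        // Assumption: the H2 JDBC driver is on the classpath (jdbc:h2:mem: URL).
        try (Connection c = DriverManager.getConnection("jdbc:h2:mem:demo")) {
            try (Statement st = c.createStatement()) {
                // Constructed sample data for the demonstration.
                st.execute("CREATE TABLE users (name VARCHAR(64))");
                st.execute("INSERT INTO users VALUES ('alice'), ('bob')");
            }

            // Constructed input: a legitimate name that happens to contain a quote.
            String input = "O'Brien";

            // Bound parameter: the quote is just a character; no such user, count is 0.
            System.out.println("safe:   " + countByUsernameSafe(c, input));

            // Concatenation: the quote terminates the string literal early and the
            // statement fails to parse, which is the visible sign that raw input
            // reached the SQL parser instead of being passed as a value.
            try {
                System.out.println("unsafe: " + countByUsernameUnsafe(c, input));
            } catch (SQLException e) {
                System.out.println("unsafe: statement rejected -> " + e.getMessage());
            }
        }
    }
}
```

The same distinction applies inside a mapper: Hibernate's HQL and Cayenne's query objects bind parameters for you, which is why the reply can call them safe; the protection comes from the binding, so a query whose text is assembled from user input by hand does not get it regardless of which layer executes it.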
