I was also under the impression that Torque has no problems with these
vulnerabilities.
String escaping is definitely handled by the DB driver because prepared
statements are used for the inserts and updates. My understanding is that
range checks are also handled either by the DB driver or the database.

Greg, do you have an example where you have actually seen anything
problematic?

    Thomas


Thomas Vandahl <[EMAIL PROTECTED]> wrote on 04.10.2005 08:34:00:

> Greg Monroe wrote:
> > limited length strings like SQL does.  Java has no concept of special
> > characters in strings that need to be delimited like SQL does.  How can
> > ensuring that this mapping is done properly NOT be part of the O/R
> > layer's responsibilities?
>
> AFAICS, Torque does the quoting of special SQL chars just fine. I see no
> real need for an extension here.
>
> IMO, range checks are not an O/R layer issue, you can even rely on the
> database throwing an error to get this. Keep it simple.
>
> Bye, Thomas.
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
>


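The two claims in the thread (quoting of special SQL characters is done by the driver when values are bound to a prepared statement, and range or length limits can be left to the database to enforce) can be checked directly. The following is an added example, not code from the thread or from Torque: it uses Python's sqlite3 as a stand-in for a JDBC driver, because the mechanism is the same (the driver sends the parameter value separately from the SQL text, so no quoting is ever applied to it), and it puts the length and range limits into CHECK constraints so the database itself rejects bad values. The `author` table, its columns and the sample rows are constructed for the example.

```python
import sqlite3


def make_db():
    """Build an in-memory database with DB-side length and range checks (constructed schema)."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        """
        CREATE TABLE author (
            author_id INTEGER PRIMARY KEY,
            -- the database, not the O/R layer, enforces the column limits
            name TEXT NOT NULL CHECK (length(name) <= 20),
            age  INTEGER NOT NULL CHECK (age BETWEEN 0 AND 150)
        )
        """
    )
    conn.execute("INSERT INTO author (name, age) VALUES ('Alice', 30)")
    conn.execute("INSERT INTO author (name, age) VALUES ('Bob', 40)")
    conn.commit()
    return conn


def find_by_name_concat(conn, name):
    """Hand-built SQL: the value is pasted into the statement text, so any
    quote in it is interpreted as SQL. Returns None when the result does not
    even parse (e.g. a name containing an apostrophe)."""
    sql = "SELECT name FROM author WHERE name = '" + name + "' ORDER BY author_id"
    try:
        return [row[0] for row in conn.execute(sql)]
    except sqlite3.OperationalError:
        return None


def find_by_name_bound(conn, name):
    """Prepared statement with a bound parameter: the driver ships the value
    out of band, so quotes and keywords inside it stay plain data."""
    sql = "SELECT name FROM author WHERE name = ? ORDER BY author_id"
    return [row[0] for row in conn.execute(sql, (name,))]


def insert_author(conn, name, age):
    """Insert via a prepared statement and let the database's CHECK
    constraints decide whether the values are in range. Returns True on
    success, False when the database rejected the row."""
    try:
        conn.execute("INSERT INTO author (name, age) VALUES (?, ?)", (name, age))
        conn.commit()
        return True
    except sqlite3.IntegrityError:
        conn.rollback()
        return False


if __name__ == "__main__":
    db = make_db()
    probe = "x' OR '1'='1"
    print("concat :", find_by_name_concat(db, probe))   # every row comes back
    print("bound  :", find_by_name_bound(db, probe))    # no row has that literal name
    print("concat O'Brien:", find_by_name_concat(db, "O'Brien"))  # None: broken SQL
    print("insert O'Brien:", insert_author(db, "O'Brien", 50))    # True, quote handled
    print("insert long   :", insert_author(db, "x" * 21, 30))     # False, CHECK failed
    print("insert age 200:", insert_author(db, "Eve", 200))       # False, CHECK failed
```

The concatenated query is what Greg is worried about: a name such as O'Brien breaks it outright, and a crafted value widens the WHERE clause to every row. The bound version treats both as ordinary strings. The CHECK constraints show what "rely on the database throwing an error" looks like in practice; the caveat is that this only holds for databases and column types that actually enforce the limit (SQLite, for example, ignores a bare VARCHAR(20) length, which is why the example spells the limit out as a constraint).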