RE: Torque and SQL Injection

Thomas Fox Fri, 05 Aug 2011 07:22:57 -0700

Torque 3.3 escapes Strings in Queries(see method
org.apache.torque.util.SqlExpression.quoteAndEscapeText(String, DB)), so
SQL injection should not be a problem.
The current Torque 4 trunk uses Prepared statements throughout, which is
probably even better.


     Thomas

Adrian Paleacu <adrian.pale...@gmail.com> schrieb am 05.08.2011 16:14:10:

> Von:
>
> Adrian Paleacu <adrian.pale...@gmail.com>
>
> An:
>
> torque-user@db.apache.org
>
> Datum:
>
> 05.08.2011 16:14
>
> Betreff:
>
> Torque and SQL Injection
>
> Hi everyone,
>
> I'm wondering how safe is torque on sql injection attacks, I dind't fine
any
> official page on that.
>
>
> Regards,
>
> Adrian


---------------------------------------------------------------------
To unsubscribe, e-mail: torque-user-unsubscr...@db.apache.org
For additional commands, e-mail: torque-user-h...@db.apache.org

RE: Torque and SQL Injection

Reply via email to