TS Rick Gruber-Riemer wrote:
Most of the time the tools escape the input parameters automatically which would prevent most SQL injection attacks but I wouldn't count on that :)
Hi
Sorry for a maybe stupid question: how can a persistence framework be more secure? Do they include code to detect SQL injects - I have some doubts that automatic/configured O/R-mapping by itself protects entirely from SQL-injection attacks.
Is there more to it?
You should definitely do the validation yourself. Try using a framework like commons-validator to make your life easier and of course use the validator components provided by myfaces. :)
Regards Stefan
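The distinction discussed in this thread, as an added example that is not part of the original messages: bound parameters keep input out of the SQL text, but identifiers such as a sort column cannot be bound and still need validation. Python's `sqlite3` stands in for the persistence layer here; the table, function names and sample rows are constructed for illustration.

```python
import sqlite3

# Assumption for this example: only these columns may be used for sorting.
ALLOWED_SORT_COLUMNS = {"name", "email"}

def make_db():
    """Build an in-memory table with constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT, email TEXT, is_admin INTEGER)")
    db.executemany(
        "INSERT INTO users VALUES (?, ?, ?)",
        [("alice", "alice@example.test", 0),
         ("bob", "bob@example.test", 0),
         ("root", "root@example.test", 1)],
    )
    return db

def find_concatenated(db, name):
    """Weak form: the input is spliced into the SQL text and parsed as SQL."""
    sql = "SELECT name FROM users WHERE name = '" + name + "'"
    return [row[0] for row in db.execute(sql)]

def find_bound(db, name):
    """Bound parameter: the value travels as data and is never parsed as SQL."""
    sql = "SELECT name FROM users WHERE name = ?"
    return [row[0] for row in db.execute(sql, (name,))]

def list_sorted(db, sort_column):
    """Identifiers cannot be bound, so check them against an allow-list."""
    if sort_column not in ALLOWED_SORT_COLUMNS:
        raise ValueError("unsupported sort column: %r" % (sort_column,))
    return [row[0] for row in db.execute("SELECT name FROM users ORDER BY " + sort_column)]

if __name__ == "__main__":
    db = make_db()
    hostile = "x' OR '1'='1"  # constructed sample input
    print("concatenated:", find_concatenated(db, hostile))
    print("bound:       ", find_bound(db, hostile))
    print("sorted:      ", list_sorted(db, "email"))
    try:
        list_sorted(db, "name, (SELECT 1)")
    except ValueError as exc:
        print("rejected:    ", exc)
```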

