You want to use a plugin that uses bind variables and exclusively use EOF APIs for SQL generation. That's the best thing you can do to prevent SQL injection.

ms

On Jul 11, 2011, at 9:01 PM, Mai Nguyen wrote:

> Hello,
> I have found some good information about WebObjects and security at the
> following wiki link:
>
> http://en.wikibooks.org/wiki/WebObjects/Web_Applications/Development/Authentication_and_Security
>
> However, there is no mention about SQL injections which seems to be an active
> subject lately. Is WebObjects pretty safe, as there is no need to generate
> SQL directly and access to the DB is going through the EOs normally?
> Are there any other loopholes that I am not aware of?
> About the following article:
> http://support.apple.com/kb/TA26730?viewlocale=en_US
> Would the normal WebObjects behavior be pretty safe if one does not allow the
> user to enter HTML tags? Does Project Wonder do something in this area?
>
> Many thanks for your advice,
>
> -mai
> _______________________________________________
> Do not post admin requests to the list. They will be ignored.
> Webobjects-dev mailing list ([email protected])
> Help/Unsubscribe/Update your Subscription:
> http://lists.apple.com/mailman/options/webobjects-dev/mschrag%40pobox.com
>
> This email sent to [email protected]
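
The difference between string-built SQL and API-generated SQL with bind variables, as an added example that is not part of the original thread and is not EOF or Project Wonder code. It uses Python's sqlite3 module; `MODEL`, `build_select`, the `person` table and all sample rows and inputs are hypothetical and constructed for illustration.

```python
import sqlite3

# Hypothetical model: entity -> known attributes (stands in for an ORM model).
MODEL = {"person": {"id", "name", "email"}}
OPERATORS = {"=", "<>", "<", ">", "LIKE"}
HOSTILE = "x' OR '1'='1"  # constructed sample input

def build_select(entity, conditions):
    """Return (sql, binds) for AND-ed (attribute, operator, value) conditions.

    Identifiers are taken only from MODEL; values only travel as binds.
    """
    if entity not in MODEL:
        raise ValueError(f"unknown entity: {entity!r}")
    clauses, binds = [], []
    for attr, op, value in conditions:
        if attr not in MODEL[entity]:
            raise ValueError(f"unknown attribute: {attr!r}")
        if op.upper() not in OPERATORS:
            raise ValueError(f"unsupported operator: {op!r}")
        clauses.append(f"{attr} {op.upper()} ?")
        binds.append(value)
    sql = f"SELECT id, name FROM {entity}"
    if clauses:
        sql += " WHERE " + " AND ".join(clauses)
    return sql, binds

def make_db():
    """In-memory database with two constructed rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE person (id INTEGER PRIMARY KEY, name TEXT, email TEXT)")
    db.executemany("INSERT INTO person (name, email) VALUES (?, ?)",
                   [("alice", "alice@example.test"), ("bob", "bob@example.test")])
    return db

def find_unsafe(db, name):
    # Weak form: the value is pasted into the statement text and parsed as SQL.
    sql = "SELECT id, name FROM person WHERE name = '" + name + "'"
    return db.execute(sql).fetchall()

def find_bound(db, name):
    # Corrected form: generated SQL contains only "?", the value is bound.
    sql, binds = build_select("person", [("name", "=", name)])
    return db.execute(sql, binds).fetchall()

if __name__ == "__main__":
    db = make_db()
    print(build_select("person", [("name", "=", HOSTILE)]))
    print("unsafe:", find_unsafe(db, HOSTILE))
    print("bound: ", find_bound(db, HOSTILE))
```

Note that the builder also rejects attribute names and operators that are not in the model, since identifiers cannot be passed as bind variables.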
