WebApp Sec: Re: JDBC protections against SQL Injection

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

WebApp Sec mailing list archives

Re: JDBC protections against SQL Injection

From: Florian Weimer <fw () deneb enyo de>
Date: Thu, 19 Mar 2009 21:03:23 +0100

Being paranoid, I wanted to review the source in java and find the
area where the input is "escaped" to see how they handle the protections
in implementation rather than blindly trust someone saying "just use ...
it will protect against SQL injection".


It's in the JDBC driver.  Escaping is database-specific, so only the
driver knows how to do it properly.

By Date By Thread

Current thread:

RE: JDBC protections against SQL Injection, (continued)
- Re: Re: JDBC protections against SQL Injection jjs_ritasa (Mar 18)
  - Re: Re: JDBC protections against SQL Injection Pete Jansson (Mar 19)
    - Re: Re: JDBC protections against SQL Injection lister (Mar 19)
    - Re: JDBC protections against SQL Injection Rogan Dawes (Mar 19)
    - Re: JDBC protections against SQL Injection Florian Weimer (Mar 19)
    - Re: JDBC protections against SQL Injection Rohit Sethi (Mar 24)
    - RE: JDBC protections against SQL Injection Jeff Williams (Mar 26)
- Re: Re: Re: JDBC protections against SQL Injection jjs_ritasa (Mar 19)