Inject « SQL « JPA Q&A

1. Prevention against SQL Injection in Hibernate

I have used Hibernate to interact with my database, now I wanted to make my database layer secure against SQL Injection, so I did some research I found ...

2. Detecting Injection in Hibernate

I'm using Hibernate and I want to prevent injections into Hibernate prepared statements. Is there a straightforward way to do this? Regards, Hamed

Let me rephrase my problem. :-) I have a lot of queries ...

4. SQL injection attack

A few days back there was an audit and the report was that the application was vulnerable to SQL injection attack. We query the database by calling

    List result = session.createQuery("from LoginInfo where loginName = :loginName and password is null")
        .setString("loginName", info.getLoginName())
        .list();

I ran some tests and could not find anything. Can anyone please help me in understanding why it's broken and ...

5. Malicious SQL injection

6. SQL injection

Hi, I tried to test if my application (which is based upon Hibernate) is safe against SQL injection. OK, nothing happened, but maybe I don't have the cleverness of a hacker and he could do it... Do you know how secure Hibernate is and what I could do? Somewhere I read prepared statements could protect. Thanks and kind regards, jazz

7. Hibernate and Security (SQL Injection)

Greetings, I've successfully used Hibernate on a few projects, and well, it's almost about to happen again. Thanks for the great work (and making my life easier), you already know how great Hibernate is, so I won't say it again! :) My current client has a very strict security review for all applications before they go into production. We deal with ...

8. verify - no SQL Injection attacks

9. Design problem: need to inject extra sql statements / transp

Hi, I would like to have your input on the following problem: I need to retrieve data from the database which all have a common SQL suffix. The common suffix part is used to retrieve data that passes the permission / security suffix. So for example (simplified) I need to do the following: select * from tableA where

10. preventing SQL injection attacks

Hi, we use HQL for generating queries in our code and recently a user asked about SQL injection attacks. I was wondering if there was any kind of useful method I could pass my user input to before doing the HQL that could transform quotes/parse out SQL commands, etc. to make my life easier. I understand that in general every ...

11. does Hibernate guard against SQL injection?

12. SQL Injection safe code?

    public List getAllItemsForList(Long list) {
        Query q = getSession().createQuery("from ListItem li where li.listId = :pListId order by sortorder asc");
        q.setLong("pListId", list.longValue());
        List items = q.list();
        log.debug("[getAll] returning list of size " + items.size());
        ...