Can I protect against SQL Injection by escaping single-quote and surrounding user input with single-quotes?
String badInput = rawInput.replace("'","''");
I am currently evaluating authentication / authorization frameworks.
Apache Shiro seems to be very nice but I am missing row-level security features.
E.g. there might be special rows in a database which should ...