Pantek Library

Re: JDBC PreparedStatements, Java Data Objects/O-R mapping, and SQL Injection

From: Dave Aitel <dave(at)immunitysec.com>
Date: Mon Dec 30 2002 - 18:14:39 EST

I dunno about that. Impossible is such a big word, and I've seen SQL Injection successfully done at least a few times against a stored procedure.

You should put your sample apps on a web site somewhere so people can knock it around a bit.

Dave Aitel
Immunity, Inc.
http://www.immunitysec.com/CANVAS/ (Remote SQL Server exploits make SQL Injection even more fun than usual!)

On Mon, 30 Dec 2002 17:32:13 -0500
"Kevin Spett" <kspett@spidynamics.com> wrote:

> The use of prepared statements and stored procedures makes SQL
Received on Mon Dec 30 18:31:02 2002

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:07:46 EDT

