
Re: JDBC PreparedStatements, Java Data Objects/O-R mapping, and SQL Injection

From: Kevin Spett <kspett(at)spidynamics.com>
Date: Mon Dec 30 2002 - 18:48:35 EST

Stored procedures by themselves do not provide protection, sorry if I worded that poorly. Prepared statements, *combined* with prepared statements do, which is how I meant that statement to be interpreted. Of course, "impossible" should be taken with a grain of salt.

Kevin Spett
SPI Labs
http://www.spidynamics.com/

----- Original Message -----
From: "Dave Aitel" <dave@immunitysec.com>
To: <webappsec@securityfocus.com>
Sent: Monday, December 30, 2002 6:14 PM
Subject: Re: JDBC PreparedStatements, Java Data Objects/O-R mapping, and SQL Injection

> I dunno about that. Impossible is such a big word, and I've seen SQL
Received on Mon Dec 30 19:10:00 2002

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:07:46 EDT
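
Added example, not part of the archived message or thread: the point that stored procedures by themselves do not provide protection, shown as a procedure that rebuilds its query by concatenation next to one that keeps the value bound. It assumes SQL Server (T-SQL) syntax; the table dbo.users and both procedure names are hypothetical.

```sql
-- Hypothetical table used by both procedures.
CREATE TABLE dbo.users (
    id   INT IDENTITY PRIMARY KEY,
    name NVARCHAR(64) NOT NULL
);
GO

-- Weak: the caller can bind @name through a JDBC CallableStatement
-- ("{call dbo.find_user_dynamic(?)}"), but the procedure pastes the value
-- into a new SQL string, so a quote character inside @name still changes
-- the statement that EXEC runs. The binding at the call site does not help.
CREATE PROCEDURE dbo.find_user_dynamic
    @name NVARCHAR(64)
AS
BEGIN
    DECLARE @sql NVARCHAR(400);
    SET @sql = N'SELECT id, name FROM dbo.users WHERE name = '''
             + @name + N'''';
    EXEC (@sql);
END;
GO

-- Hardened: the statement text is a constant and the value travels as a
-- typed parameter all the way to execution, so it is never parsed as SQL.
CREATE PROCEDURE dbo.find_user_param
    @name NVARCHAR(64)
AS
BEGIN
    EXEC sp_executesql
        N'SELECT id, name FROM dbo.users WHERE name = @n',
        N'@n NVARCHAR(64)',
        @n = @name;
END;
GO

-- Simplest form: no dynamic SQL at all, the parameter is used directly.
CREATE PROCEDURE dbo.find_user_static
    @name NVARCHAR(64)
AS
BEGIN
    SELECT id, name FROM dbo.users WHERE name = @name;
END;
GO
```

When reviewing a code base, searching procedure bodies for `EXEC (` or `EXECUTE (` fed by concatenated parameters is a quick way to find the first pattern.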

