Quantcast

Torque and SQL Injection

classic Classic list List threaded Threaded
3 messages Options
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Torque and SQL Injection

Adrian Paleacu
Hi everyone,

I'm wondering how safe is torque on sql injection attacks, I dind't fine any
official page on that.


Regards,

Adrian
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

RE: Torque and SQL Injection

Thomas Fox-2
Torque 3.3 escapes Strings in Queries(see method
org.apache.torque.util.SqlExpression.quoteAndEscapeText(String, DB)), so
SQL injection should not be a problem.
The current Torque 4 trunk uses Prepared statements throughout, which is
probably even better.

     Thomas

Adrian Paleacu <[hidden email]> schrieb am 05.08.2011 16:14:10:

> Von:
>
> Adrian Paleacu <[hidden email]>
>
> An:
>
> [hidden email]
>
> Datum:
>
> 05.08.2011 16:14
>
> Betreff:
>
> Torque and SQL Injection
>
> Hi everyone,
>
> I'm wondering how safe is torque on sql injection attacks, I dind't fine
any
> official page on that.
>
>
> Regards,
>
> Adrian


---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Torque and SQL Injection

Adrian Paleacu
Hi Thomas,

 Torque 3.2 also implements  SqlExpression.quoteAndEscapeText

Regards,

Adrian



On Fri, Aug 5, 2011 at 5:22 PM, Thomas Fox <[hidden email]> wrote:

> Torque 3.3 escapes Strings in Queries(see method
> org.apache.torque.util.SqlExpression.quoteAndEscapeText(String, DB)), so
> SQL injection should not be a problem.
> The current Torque 4 trunk uses Prepared statements throughout, which is
> probably even better.
>
>     Thomas
>
> Adrian Paleacu <[hidden email]> schrieb am 05.08.2011 16:14:10:
>
> > Von:
> >
> > Adrian Paleacu <[hidden email]>
> >
> > An:
> >
> > [hidden email]
> >
> > Datum:
> >
> > 05.08.2011 16:14
> >
> > Betreff:
> >
> > Torque and SQL Injection
> >
> > Hi everyone,
> >
> > I'm wondering how safe is torque on sql injection attacks, I dind't fine
> any
> > official page on that.
> >
> >
> > Regards,
> >
> > Adrian
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [hidden email]
> For additional commands, e-mail: [hidden email]
>
>
Loading...