Posted to torque-user@db.apache.org by Adrian Paleacu <ad...@gmail.com> on 2011/08/05 16:14:10 UTC
Torque and SQL Injection
Hi everyone,
I'm wondering how safe Torque is against SQL injection attacks; I didn't find any
official page on that.
Regards,
Adrian
Re: Torque and SQL Injection
Posted by Adrian Paleacu <ad...@gmail.com>.
Hi Thomas,
Torque 3.2 also implements SqlExpression.quoteAndEscapeText
Regards,
Adrian
On Fri, Aug 5, 2011 at 5:22 PM, Thomas Fox <Th...@seitenbau.net> wrote:
> Torque 3.3 escapes Strings in Queries (see method
> org.apache.torque.util.SqlExpression.quoteAndEscapeText(String, DB)), so
> SQL injection should not be a problem.
> The current Torque 4 trunk uses Prepared statements throughout, which is
> probably even better.
>
> Thomas
>
> Adrian Paleacu <ad...@gmail.com> wrote on 05.08.2011 16:14:10:
>
> > From: Adrian Paleacu <ad...@gmail.com>
> > To: torque-user@db.apache.org
> > Date: 05.08.2011 16:14
> > Subject: Torque and SQL Injection
> >
> > Hi everyone,
> >
> > I'm wondering how safe Torque is against SQL injection attacks; I didn't find any
> > official page on that.
> >
> > Regards,
> >
> > Adrian
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: torque-user-unsubscribe@db.apache.org
> For additional commands, e-mail: torque-user-help@db.apache.org
>
>
RE: Torque and SQL Injection
Posted by Thomas Fox <Th...@seitenbau.net>.
Torque 3.3 escapes Strings in Queries (see method
org.apache.torque.util.SqlExpression.quoteAndEscapeText(String, DB)), so
SQL injection should not be a problem.
The current Torque 4 trunk uses Prepared statements throughout, which is
probably even better.
Thomas
Adrian Paleacu <ad...@gmail.com> wrote on 05.08.2011 16:14:10:
> From: Adrian Paleacu <ad...@gmail.com>
> To: torque-user@db.apache.org
> Date: 05.08.2011 16:14
> Subject: Torque and SQL Injection
>
> Hi everyone,
>
> I'm wondering how safe Torque is against SQL injection attacks; I didn't find any
> official page on that.
>
> Regards,
>
> Adrian
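The two approaches named in the thread (escaping string literals versus prepared statements), shown side by side as an added example in plain JDBC. This is not Torque's code and not from the original posts: the class, the `quoteAndEscape` helper, the `author` table and the sample input are all hypothetical, and `authorExists` assumes the caller supplies an open JDBC `Connection`.

```java
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;

public class EscapeVsBind {

    // Hypothetical escaper (not Torque's code): wrap the value in single
    // quotes and double every embedded quote. Backslashes are doubled only
    // for dialects that treat backslash as an escape character.
    static String quoteAndEscape(String raw, boolean backslashIsEscape) {
        StringBuilder sb = new StringBuilder("'");
        for (char c : raw.toCharArray()) {
            if (c == '\'') {
                sb.append("''");
            } else if (c == '\\' && backslashIsEscape) {
                sb.append("\\\\");
            } else {
                sb.append(c);
            }
        }
        return sb.append('\'').toString();
    }

    // Escaping approach: the value becomes part of the SQL text, so safety
    // depends on the escaper matching the target database's literal syntax.
    static String inlinedQuery(String name, boolean backslashIsEscape) {
        return "SELECT id FROM author WHERE name = "
                + quoteAndEscape(name, backslashIsEscape);
    }

    // Prepared-statement approach: the SQL text is fixed and the value is
    // sent as a bound parameter, so no escaping rules are involved.
    static boolean authorExists(Connection con, String name) throws SQLException {
        String sql = "SELECT id FROM author WHERE name = ?";
        try (PreparedStatement ps = con.prepareStatement(sql)) {
            ps.setString(1, name);
            try (ResultSet rs = ps.executeQuery()) {
                return rs.next();
            }
        }
    }

    public static void main(String[] args) {
        String input = "O'Brien' OR '1'='1"; // constructed sample input
        // Every quote in the input is doubled, so it stays inside the literal.
        System.out.println(inlinedQuery(input, false));
    }
}
```

The escaping path is only as good as the match between the escaper and the database's quoting rules, which is why the bound-parameter form is the more robust of the two.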