Announcement Announcement Module
Collapse
No announcement yet.
sql injection attack Page Title Module
Move Remove Collapse
X
Conversation Detail Module
Collapse
  • Filter
  • Time
  • Show
Clear All
new posts

  • sql injection attack

    Few days back there was an audit and the report was the application was vulnerable to sql injection attack,

    we query the database by calling

    List result = session.createQuery("from LoginInfo where loginName = :loginName and password is null")
    .setString("loginName", info.getLoginName())
    .list();

    I ran some test and could not find anything, can anyone please help me in understanding why its broken and how can it be fixed.

    Thank You

  • #2
    I don't see why, but what I do to prevent sql inject is in client, never in server, a simple javascript can stop all this malign injections.

    Comment

    Working...
    X