| commit | 3a91305f3515b0338aaf68a1748e33201dab67bf | |
| author | Jonas Fonseca <fonseca@diku.dk> | |
| Tue, 30 Oct 2007 05:52:36 +0000 (30 06:52 +0100) | ||
| committer | Jonas Fonseca <fonseca@diku.dk> | |
| Tue, 30 Oct 2007 13:11:52 +0000 (30 14:11 +0100) | ||
| tree | a3e753d3d9cd32f9c26c4ca610c5622f1207293a | treesnapshot (tar.gz zip) |
| parent | b72d338843e1996296159aecf9b014c947db4cf5 | commitdiff |
issue #1: use prepared statements to prevent SQL injection attacks
As described in issue #1, the web services were vulnerable to SQL
injection attacks due to passing data from user unchecked to the
database. Rather than sanitizing the user input simply use JDBC prepared
statements to convert the java query pameters to the SQL equivalents.
As described in issue #1, the web services were vulnerable to SQL
injection attacks due to passing data from user unchecked to the
database. Rather than sanitizing the user input simply use JDBC prepared
statements to convert the java query pameters to the SQL equivalents.