
Hibernate 3 SQL Injection Attack possible on this kind of code?

 
Priyanka Dandekar
Ranch Hand
Posts: 52
We are using Hibernate 3 for our application. I wanted to be sure: if we use a code snippet like the one below, is it safe from SQL injection?

getSession().createCriteria(objectClass).add(Expression.eq(criteriaName,criteriaValue)).list();


I just wanted to be sure whether Hibernate is already taking care of it, so that we need not make an extra effort.
 
Paul Sturrock
Bartender
Posts: 10336
Yes, it's safe from SQL injection - largely because none of the methods shown accept SQL as parameters.
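An added example, not part of either post above and not Hibernate's own code: the Criteria call from the question next to the string-built HQL form that would be injectable, and the bound-parameter HQL form that fixes it. The class `FinderExamples`, its method names and the `allowedProperties` allow-list are hypothetical; a Hibernate 3 jar on the classpath and an open `Session` are assumed.

```java
import java.util.List;
import java.util.Set;

import org.hibernate.Session;
import org.hibernate.criterion.Restrictions;

public class FinderExamples {

    // Criteria API, as in the question. The value travels as a JDBC bind
    // parameter and the property name is resolved against the entity mapping.
    // Restrictions is the non-deprecated home of eq() in Hibernate 3; the
    // question uses the older Expression class, which exposes the same method.
    static List<?> byCriteria(Session session, Class<?> objectClass,
                              String criteriaName, Object criteriaValue) {
        return session.createCriteria(objectClass)
                .add(Restrictions.eq(criteriaName, criteriaValue))
                .list();
    }

    // UNSAFE, shown only for contrast: createQuery() accepts a query string,
    // so a value concatenated into it is parsed as part of the query.
    static List<?> byConcatenatedHql(Session session, Class<?> objectClass,
                                     String criteriaName, Object criteriaValue) {
        String hql = "from " + objectClass.getName()
                + " where " + criteriaName + " = '" + criteriaValue + "'";
        return session.createQuery(hql).list();
    }

    // Corrected HQL form: the value is bound with setParameter(). Identifiers
    // cannot be bound, so the property name is checked against an allow-list
    // (hypothetical, supplied by the caller) before it is placed in the string.
    static List<?> byBoundHql(Session session, Class<?> objectClass,
                              Set<String> allowedProperties,
                              String criteriaName, Object criteriaValue) {
        if (!allowedProperties.contains(criteriaName)) {
            throw new IllegalArgumentException(
                    "Property not allowed in queries: " + criteriaName);
        }
        String hql = "from " + objectClass.getName()
                + " where " + criteriaName + " = :value";
        return session.createQuery(hql)
                .setParameter("value", criteriaValue)
                .list();
    }
}
```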
 