
SQL Injection Issue — getHibernateTemplate().delete(getObject(objectClass,objectId)) method

 
Raj Kkr
Greenhorn
Posts: 1
Hi,
I am fixing code against the code audit report for security issues for the PCI standard: SQL Injection. The following method is used extensively for deleting records in the whole module and is defined in a base class.

public void delete(Class objectClass, long objectId) throws DAOException {
    try {
        getHibernateTemplate().delete(getObject(objectClass, objectId));
    } catch (Exception e) {
        throw new DAOException(e);
    }
}

The report says "Injection of data received from servlet request ("getObject(objectClass,objectId)") to User Defined Dangerous" against the call getHibernateTemplate().delete(getObject(objectClass,objectId)).
How do I resolve the issue?
I have already fixed some more SQL Injection issues through the prepared statement in HQL and have also done some homework for this one, but have yet to find a prospective solution.
Please help.
 