
SQL Injection Issue — getHibernateTemplate().delete(getObject(objectClass,objectId)) method

Raj Kkr
Greenhorn
Posts: 1
Hi,
I am fixing code against the code audit report for security issues for the PCI standard: SQL Injection. The following method is used extensively for deleting records in the whole module and is defined in a base class.

// Base-class delete-by-id helper flagged by the audit tool.
public void delete(Class objectClass, long objectId) throws DAOException {
    try {
        // Load the entity by primary key, then delete the managed instance.
        getHibernateTemplate().delete(getObject(objectClass, objectId));
    } catch (Exception e) {
        // Wrap any persistence failure in the module's checked exception.
        throw new DAOException(e);
    }
}

The report says "Injection of data received from servlet request ("getObject(objectClass,objectId)") to User Defined Dangerous" against the call getHibernateTemplate().delete(getObject(objectClass,objectId)).
How do I resolve the issue?
I have already fixed some other SQL Injection issues through prepared statements in HQL and have also done some homework for this one, but I have yet to find a prospective solution.
Please help.
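Added example (not code from the original post): a version of the same base-class delete that an auditor can verify by inspection, and that also covers the risk the tool is really pointing at, a request-supplied id reaching a delete without an authorization check. It assumes Spring's hibernate3 HibernateDaoSupport, that the page's DAOException also has a String constructor, and hypothetical entity classes Order and Comment; the allow-list set and the currentUserMayDelete hook are illustrative names.

```java
import java.io.Serializable;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashSet;
import java.util.Set;

import org.springframework.orm.hibernate3.support.HibernateDaoSupport;

/** Base DAO whose delete-by-id is injection-free by construction. */
public abstract class BaseDao extends HibernateDaoSupport {

    // Allow-list of entity types this DAO may delete (hypothetical classes).
    // The type always comes from code, never from the HTTP request.
    private static final Set<Class<?>> DELETABLE = Collections.unmodifiableSet(
            new HashSet<Class<?>>(Arrays.asList(Order.class, Comment.class)));

    // Hook implemented by the concrete DAO (or a service layer) to decide whether
    // the current principal owns / may remove this particular row.
    protected abstract boolean currentUserMayDelete(Object entity);

    public <T> void delete(Class<T> objectClass, long objectId) throws DAOException {
        if (!DELETABLE.contains(objectClass)) {
            throw new DAOException("Type not deletable: " + objectClass.getName());
        }
        // The id is a primitive long: it can only ever be a number, and
        // HibernateTemplate.get() binds it as a typed parameter, so no SQL or
        // HQL text is ever built from request data here.
        Serializable id = Long.valueOf(objectId);
        try {
            T entity = getHibernateTemplate().get(objectClass, id);
            if (entity == null) {
                return; // nothing to delete
            }
            // The remaining exposure with request-supplied ids is authorization,
            // not injection: refuse to delete rows this user is not allowed to touch.
            if (!currentUserMayDelete(entity)) {
                throw new DAOException("Not permitted to delete "
                        + objectClass.getSimpleName() + " " + objectId);
            }
            getHibernateTemplate().delete(entity);
        } catch (RuntimeException e) {
            // Wrap persistence failures in the module's checked exception.
            throw new DAOException(e);
        }
    }
}
```

With the entity type restricted to compile-time constants and the id bound as a Long, the only request-controlled input is a number, which is what the audit finding needs to see; the ownership check is what actually protects the data.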