
SQL Injection Issue — getHibernateTemplate().delete(getObject(objectClass,objectId)) method

Raj Kkr
Greenhorn
Posts: 1
Hi,
I am fixing code against a code audit report on security issues for the PCI standard, specifically SQL injection. The following method is used extensively for deleting records throughout the module and is defined in a base class.

public void delete(Class objectClass, long objectId) throws DAOException {
    try {
        getHibernateTemplate().delete(getObject(objectClass, objectId));
    } catch (Exception e) {
        throw new DAOException(e);
    }
}

The report says "Injection of data received from servlet request ("getObject(objectClass,objectId)") to User Defined Dangerous" against the call getHibernateTemplate().delete(getObject(objectClass,objectId)).
How can I resolve the issue?
I have already fixed some more SQL injection issues using prepared statements in HQL and have also done some homework for this one, but have yet to find a prospective solution.
Please help.
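
One way to constrain the values passed to getObject(objectClass,objectId) before they reach getHibernateTemplate().delete(...), shown as an added example that is not part of the original post or the poster's project: the raw request parameter is parsed strictly into a long, and the entity class is checked against an allowlist. The DeleteGuard helper and the entity classes Invoice, LineItem and AuditLog are hypothetical, and whether this clears the audit finding depends on the scanner and on getObject, which the post does not show.

```java
import java.util.Set;

// Added illustration: a guard to call before the base-class delete().
// Invoice, LineItem and AuditLog are hypothetical stand-ins for mapped entities.
public class DeleteGuard {
    static class Invoice {}
    static class LineItem {}
    static class AuditLog {}   // an entity that a request must never delete

    // Only these entity types may be deleted on behalf of a request.
    private static final Set<Class<?>> DELETABLE = Set.of(Invoice.class, LineItem.class);

    /** Parses the raw request parameter strictly; accepts only a positive long. */
    static long parseId(String raw) {
        // At most 18 digits, so Long.parseLong cannot overflow.
        if (raw == null || !raw.matches("[0-9]{1,18}")) {
            throw new IllegalArgumentException("objectId is not a positive integer");
        }
        long id = Long.parseLong(raw);
        if (id <= 0) throw new IllegalArgumentException("objectId must be > 0");
        return id;
    }

    /** Rejects entity classes that are not on the allowlist. */
    static void checkDeletable(Class<?> objectClass) {
        if (objectClass == null || !DELETABLE.contains(objectClass)) {
            throw new IllegalArgumentException("delete not permitted for " + objectClass);
        }
    }

    public static void main(String[] args) {
        // Constructed sample inputs, not taken from the post.
        for (String raw : new String[] {"42", "42 OR 1=1", "-7", ""}) {
            try {
                System.out.println("id accepted: " + parseId(raw));
            } catch (IllegalArgumentException e) {
                System.out.println("id rejected: '" + raw + "' (" + e.getMessage() + ")");
            }
        }
        for (Class<?> c : new Class<?>[] {Invoice.class, AuditLog.class}) {
            try {
                checkDeletable(c);
                System.out.println("class accepted: " + c.getSimpleName());
            } catch (IllegalArgumentException e) {
                System.out.println("class rejected: " + c.getSimpleName());
            }
        }
    }
}
```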
 