I have a query for revoke which I execute using a Java class on a DB2 database.
REVOKE ROLE 'xyz' FROM USER 'john' BY ALL
In Java I pass values for xyz and john through variables, which can be attacked using SQL injection. I can't use a prepared statement here as this is a DCL statement. I also can't use a stored procedure to avoid this due to our application restrictions.
Is there any way to prevent/fix this injection?
Regards, Vijay Jamadade.
( Nothing is Impossible.)
So, assuming that whoever has access to your application also has administrative privileges, isn't it pointless to protect against SQL injection, since the admin can more easily break the system through other means?
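An added example, not part of either post above: when identifiers in a DCL statement cannot be bound as parameters, the usual mitigation is to validate them against a strict pattern and an allow-list before concatenating. The class name, the identifier pattern, the role allow-list and the unquoted, upper-cased identifier form are assumptions made for this sketch.

```java
import java.util.Locale;
import java.util.Set;
import java.util.regex.Pattern;

public class RevokeRoleBuilder {
    // Assumption: names are limited to a conservative identifier shape
    // (letter first, then letters, digits or underscore, at most 128 chars).
    private static final Pattern IDENT = Pattern.compile("[A-Za-z][A-Za-z0-9_]{0,127}");

    // Constructed allow-list of roles this application is permitted to revoke.
    private static final Set<String> MANAGED_ROLES = Set.of("XYZ", "REPORT_READER");

    // Rejects anything that is not a plain identifier: quotes, spaces,
    // semicolons and comment markers never reach the SQL text.
    static String requireIdentifier(String kind, String value) {
        if (value == null || !IDENT.matcher(value).matches()) {
            throw new IllegalArgumentException("Invalid " + kind + " name");
        }
        // Ordinary (unquoted) identifiers are folded to upper case by DB2.
        return value.toUpperCase(Locale.ROOT);
    }

    // Builds the REVOKE text only from validated, allow-listed identifiers.
    static String buildRevoke(String role, String user) {
        String r = requireIdentifier("role", role);
        String u = requireIdentifier("user", user);
        if (!MANAGED_ROLES.contains(r)) {
            throw new IllegalArgumentException("Role is not managed by this application");
        }
        return "REVOKE ROLE " + r + " FROM USER " + u + " BY ALL";
    }

    public static void main(String[] args) {
        System.out.println(buildRevoke("xyz", "john"));
        // Constructed inputs that must all be refused.
        String[][] rejected = {
            {"xyz", "john; --"}, {"xyz'", "john"}, {"dba_all", "john"}, {"xyz", ""}
        };
        for (String[] c : rejected) {
            try {
                buildRevoke(c[0], c[1]);
                throw new AssertionError("accepted: " + c[0] + " / " + c[1]);
            } catch (IllegalArgumentException e) {
                System.out.println("rejected [" + c[0] + "] [" + c[1] + "]: " + e.getMessage());
            }
        }
    }
}
```

The string returned by `buildRevoke` is what would be passed to `java.sql.Statement.execute`; the user name could additionally be checked against the application's own user directory before the statement is built.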