DannyArcher, posted July 7, 2016

> 2 hours ago, fake_Bezawada said:
> Drop me one good link bro, pleaseeeee, I won't come near your CBN, Balayya threads for 1 week

I know, but I won't tell you

loveindia, posted July 7, 2016

That concept is called a prepared statement or something like that, right man... it is used in most programming languages... try googling that name.. I am not a Java expert but I know how they do this in my team, so I am telling you... I can't point you in the exact direction, but that's the term used with SQL queries to avoid SQL injection... recently did the same with JSON...

SANANTONIO, posted July 7, 2016

> 3 hours ago, fake_Bezawada said:
> Drop me one good link bro, pleaseeeee, I won't come near your CBN, Balayya threads for 1 week

SANANTONIO, posted July 7, 2016

http://software-security.sans.org/developer-how-to/fix-sql-injection-in-java-using-prepared-callable-statement

icecreamZ, posted July 7, 2016

> 7 hours ago, fake_Bezawada said:
> Now in web services a JSON response comes from ajax or some JS, right; if there is SQL injection in it, how do you validate it? If anyone knows this well, help me please

Are you talking about the request? Before executing the SQL statement.... validate the input params. Or use prepared statements with param substitution.

RamanaReddy, posted July 7, 2016

Basically SQL injection should be taken care of at the server side.. the client can be written and altered by anybody.. if you're writing the client, use encoding for your sensitive data while posting your requests. If you're using Spring framework, use Spring Data JPA over Hibernate.. it has an SQL injection prevention mechanism.. can't write much here.. providing some pointers..
http://stackoverflow.com/questions/12400506/spring-data-crud-methods
http://javabeat.net/spring-data-jpa-query/
for external links..

TOM_BHAYYA, posted July 7, 2016

> 29 minutes ago, icecreamZ said:
> Are you talking about the request? Before executing the SQL statement.... validate the input params. Or use prepared statements with param substitution.

What does SQL injection mean? Post any sample request here please

icecreamZ, posted July 7, 2016

> 5 minutes ago, TOM_BHAYYA said:
> What does SQL injection mean? Post any sample request here please

Brother, you are testing me, aren't you. It means putting SQL statements into the form data and sending it.
http://www.w3schools.com/sql/sql_injection.asp

TOM_BHAYYA, posted July 7, 2016

> 2 minutes ago, icecreamZ said:
> Brother, you are testing me, aren't you. It means putting SQL statements into the form data and sending it. http://www.w3schools.com/sql/sql_injection.asp

Kk, whether it is SQL statements.. or just input parameters.. the TS's question is how to validate them, right?

fake_Bezawada (Author), posted July 7, 2016

> 38 minutes ago, icecreamZ said:
> Are you talking about the request? Before executing the SQL statement.... validate the input params. Or use prepared statements with param substitution.

How do we validate the input param? Suppose it comes to me in DTO form from JS, like

    {user:"babloo || delete from userdetails",password:"bumchik"}

On the REST side I am doing the object mapping like this:

    @GET
    @PATH
    @Produces(MediaType.APPLICATION_JSON)
    public String doSomething(UserDTO udto);

When persisting that udto, how should I validate this particular param?

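Added example, not part of any post in this thread: the scenario from the post above, combining the two suggestions made earlier (validate the input params, and use a prepared statement with parameter substitution). The UserDTO fields mirror the JSON in the post; the allowlist pattern, the column names username and password_hash, and the passwordHash argument are assumptions made for illustration.

```java
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.SQLException;
import java.util.regex.Pattern;

public class UserDtoPersistence {

    // Hypothetical DTO mirroring the JSON in the post: {user: ..., password: ...}
    static final class UserDTO {
        final String user;
        final String password;
        UserDTO(String user, String password) { this.user = user; this.password = password; }
    }

    // Allowlist for user names: an assumed policy, adjust it to your own rules.
    private static final Pattern USER_OK = Pattern.compile("[A-Za-z0-9_.-]{3,32}");

    // Validation rejects malformed input early; it is not the injection defence.
    static boolean isValid(UserDTO dto) {
        return dto != null && dto.user != null && dto.password != null
                && USER_OK.matcher(dto.user).matches()
                && !dto.password.isEmpty();
    }

    // The injection defence: values are bound as parameters and never
    // concatenated into the SQL text. Column names are assumptions, and
    // passwordHash is expected to come from a password-hashing function
    // applied by the caller.
    static int persist(Connection conn, UserDTO dto, String passwordHash) throws SQLException {
        if (!isValid(dto)) {
            throw new IllegalArgumentException("invalid user DTO");
        }
        String sql = "INSERT INTO userdetails (username, password_hash) VALUES (?, ?)";
        try (PreparedStatement ps = conn.prepareStatement(sql)) {
            ps.setString(1, dto.user);
            ps.setString(2, passwordHash);
            return ps.executeUpdate();
        }
    }

    public static void main(String[] args) {
        // Constructed inputs; the first is the payload quoted in the post.
        UserDTO hostile = new UserDTO("babloo || delete from userdetails", "bumchik");
        UserDTO normal = new UserDTO("babloo", "bumchik");
        System.out.println("hostile valid? " + isValid(hostile));
        System.out.println("normal valid?  " + isValid(normal));
    }
}
```

Even if the allowlist were loosened, the bound parameter in persist would store the hostile string as plain data instead of executing it.
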
fake_Bezawada (Author), posted July 7, 2016

> 16 minutes ago, RamanaReddy said:
> Basically SQL injection should be taken care of at the server side.. the client can be written and altered by anybody.. if you're writing the client, use encoding for your sensitive data while posting your requests. If you're using Spring framework, use Spring Data JPA over Hibernate.. it has an SQL injection prevention mechanism.. can't write much here.. providing some pointers.. http://stackoverflow.com/questions/12400506/spring-data-crud-methods http://javabeat.net/spring-data-jpa-query/ for external links..

Thank you for that bro

fake_Bezawada (Author), posted July 7, 2016

I told you my scenario, right; when capturing the response in object mapping like that, how should I validate it?

SeemaLekka, posted July 7, 2016

> Just now, fake_Bezawada said:
> I told you my scenario, right; when capturing the response in object mapping like that, how should I validate it?

How many years of experience do you have?

fake_Bezawada (Author), posted July 7, 2016

> Just now, SeemaLekka said:
> How many years of experience do you have?

Leave it, brother, you will scold me again saying "don't you even know this". I have 4 years of experience, in India

SeemaLekka, posted July 7, 2016

> Just now, fake_Bezawada said:
> Leave it, brother, you will scold me again saying "don't you even know this". I have 4 years of experience, in India

I don't understand anything being discussed in this thread. As for why I asked about experience: you said you have not got an onsite chance yet, that is why I asked
