This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org

Difference between revisions of "CRV2 SQLInjHQL"

From OWASP
Jump to: navigation, search
(Created page with "==Hibernate Query Language (HQL)== Hibernate facilitates the storage and retrieval of Java domain objects via Object/Relational Mapping (ORM). It is a very common misconcep...")
(No difference)

Revision as of 21:35, 15 June 2014

Hibernate Query Language (HQL)

Hibernate facilitates the storage and retrieval of Java domain objects via Object/Relational Mapping (ORM).

It is a very common misconception that ORM solutions, like hibernate, are SQL Injection proof. Hibernate allows the use of "native SQL" and defines a proprietary query language, called HQL (Hibernate Query Language); the former is prone to SQL Injection and the later is prone to HQL (or ORM) injection.

Retrieved from "https://wiki.owasp.org/index.php?title=CRV2_SQLInjHQL&oldid=176928"