From: <leg...@at...> - 2003-07-15 19:34:44
Message: The following issue has been closed.

    Resolver: Max Rydahl Andersen
    Date: Tue, 15 Jul 2003 2:34 PM

Not an error or bug (at least not if the SQL is executed via PreparedStatements, which is the case with Hibernate's HQL/Criteria stuff)
---------------------------------------------------------------------
View the issue:
  http://opensource.atlassian.com/projects/hibernate/secure/ViewIssue.jspa?key=HB-192

Here is an overview of the issue:
---------------------------------------------------------------------
        Key: HB-192
    Summary: net.sf.hibernate.type.StringType contains risky SQL generation
       Type: Bug

     Status: Closed
   Priority: Major
 Resolution: REJECTED

    Project: Hibernate2
 Components: core
   Versions: 2.0.1

   Assignee:
   Reporter: Paul Brown

    Created: Mon, 14 Jul 2003 10:55 AM
    Updated: Tue, 15 Jul 2003 2:34 PM

Description:
The method:

    public String objectToSQLString(Object value) throws Exception {
        return '\'' + (String) value + '\'';
    }

risks creating dangerous SQL in the hands of a well-informed, malicious user.

---------------------------------------------------------------------
JIRA INFORMATION:
This message is automatically generated by JIRA.

If you think it was sent incorrectly contact one of the administrators:
  http://opensource.atlassian.com/projects/hibernate/secure/Administrators.jspa

If you want more information on JIRA, or have a bug to report see:
  http://www.atlassian.com/software/jira
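The disagreement in HB-192 comes down to where the quoted string ends up: the report worries about objectToSQLString's output being spliced into SQL text, and the resolution points out that HQL/Criteria queries hand the value to a PreparedStatement instead. The following is an added example, not Hibernate code and not part of the original report; it re-implements the same quote-and-concatenate pattern in Python over an in-memory SQLite table (constructed sample data) so both behaviours can be run side by side. The helper names (object_to_sql_string, lookup_concatenated, lookup_bound and so on) are hypothetical and exist only for this illustration.

```python
"""Added example: the HB-192 quoting pattern spliced into SQL text
versus the same value bound through a prepared statement.
Not Hibernate code; mirrors StringType.objectToSQLString in Python."""
import sqlite3


def object_to_sql_string(value: str) -> str:
    """Same behaviour as the reported Java method: wrap in single quotes,
    no escaping of quotes embedded in the value."""
    return "'" + value + "'"


def object_to_sql_string_escaped(value: str) -> str:
    """Quote with embedded single quotes doubled, as ANSI SQL requires
    when a literal really must be built as text."""
    return "'" + value.replace("'", "''") + "'"


def make_db() -> sqlite3.Connection:
    """Constructed sample table; the rows are made up for this example."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "admin"), ("bob", "user"), ("o'brien", "user")],
    )
    return conn


def lookup_concatenated(conn: sqlite3.Connection, name: str) -> list:
    """The risky path: the quoted value is pasted into the statement text,
    so a quote inside the value changes the statement's structure."""
    sql = "SELECT name FROM users WHERE name = " + object_to_sql_string(name) + " ORDER BY name"
    return [row[0] for row in conn.execute(sql)]


def lookup_escaped(conn: sqlite3.Connection, name: str) -> list:
    """Text concatenation, but with quotes doubled so the value stays a literal."""
    sql = "SELECT name FROM users WHERE name = " + object_to_sql_string_escaped(name) + " ORDER BY name"
    return [row[0] for row in conn.execute(sql)]


def lookup_bound(conn: sqlite3.Connection, name: str) -> list:
    """The prepared-statement path the resolver refers to: the statement text
    is fixed and the value travels separately as a parameter."""
    return [row[0] for row in conn.execute(
        "SELECT name FROM users WHERE name = ? ORDER BY name", (name,))]


def concatenation_fails(conn: sqlite3.Connection, name: str) -> bool:
    """True if the concatenated statement is not even valid SQL for this value
    (a plain apostrophe in ordinary data is enough to break it)."""
    try:
        lookup_concatenated(conn, name)
        return False
    except sqlite3.OperationalError:
        return True


# Classic tautology payload: the unescaped quote closes the literal early.
MALICIOUS = "x' OR '1'='1"


if __name__ == "__main__":
    db = make_db()
    print("concatenated, benign:   ", lookup_concatenated(db, "alice"))
    print("concatenated, payload:  ", lookup_concatenated(db, MALICIOUS))
    print("concatenated, o'brien:  ", "syntax error" if concatenation_fails(db, "o'brien") else "ok")
    print("escaped, payload:       ", lookup_escaped(db, MALICIOUS))
    print("bound, payload:         ", lookup_bound(db, MALICIOUS))
    print("bound, o'brien:         ", lookup_bound(db, "o'brien"))
```

With the payload, the concatenated query returns every row, while both the escaped and the bound variants return nothing, and the bound variant also handles a legitimate apostrophe that the raw concatenation cannot even parse. That is the distinction behind the rejection: the quoting method is only dangerous on a code path that turns its output into statement text, which HQL and Criteria queries are said not to do.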