Henri Yandell wrote:
Should the DatabaseConfiguration class be responsible for protecting
against SQL Injection, or should we make sure the javadoc states that
it offers no protection and leave that up to the user?
Hen
Adding a note about this topic to the documentation would certainly do
no harm.
From a short look at the code I think that chances for SQL Injection on
a correctly initialized DatabaseConfiguration (i.e. the settings for the
database table are valid) are pretty small: Everywhere
PreparedStatements are used.
Oliver