This post originated from an RSS feed registered with .NET Buzz
by Udi Dahan.
Original Post: SQL Injection attacks & O/R mapping
Feed Title: Udi Dahan - The Software Simplist
Feed URL: http://feeds.feedburner.com/UdiDahan-TheSoftwareSimplist
Feed Description: I am a software simplist. I make this beast of architecting, analysing, designing, developing, testing, managing, deploying software systems simple.
This blog is about how I do it.
You've probably never thought of SQL Injection Attacks and O/R mapping in the same context. I know I haven't, that is, until today. I saw Scott's post on how to "Guard Against SQL Injection Attacks" and started wondering how long it's been since I've given it any thought. Then I realized that it was around the same time I switched to O/R mapping.
Since data received from the user is put in domain objects, and then those objects are mapped to tables (or views) in the database, the O/R mapper just handles it all for me. I assume that all the mappers out there use parameterized SQL, but I know for sure that NHibernate does (from peeking at the logs every once in a while).
Anyway, just wanted to mention this added side benefit of moving to the Domain Model pattern - no more SQL injection worries.
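As an added illustration (not code from the original post), here is what the arrangement described above looks like with NHibernate: user input lands in a domain object, and the mapper binds it as a parameter when it writes the INSERT or runs the query. The `User` class, its table mapping and the `ISessionFactory` behind the `ISession` are assumed; the last method shows the one way to lose the protection, by handing NHibernate a SQL string you built yourself.

```csharp
using System.Collections.Generic;
using NHibernate;

// Domain object. Its mapping to a Users table (hbm.xml or mapping-by-code)
// is assumed to be configured in the ISessionFactory that created the session.
public class User
{
    public virtual int Id { get; set; }
    public virtual string Name { get; set; }
    public virtual string Email { get; set; }
}

public static class UserRepository
{
    // User input goes into the domain object, never into a SQL string.
    // NHibernate emits "INSERT INTO Users (...) VALUES (?, ?)" with bound
    // parameters, so a name such as O'Brien is stored as a literal value
    // and the quote never becomes part of the statement text.
    public static User Register(ISession session, string name, string email)
    {
        var user = new User { Name = name, Email = email };
        using (var tx = session.BeginTransaction())
        {
            session.Save(user);
            tx.Commit();
        }
        return user;
    }

    // Safe: the value is bound as a named HQL parameter.
    public static IList<User> FindByName(ISession session, string name)
    {
        return session.CreateQuery("from User u where u.Name = :name")
                      .SetString("name", name)
                      .List<User>();
    }

    // Unsafe, shown only as the contrast: building native SQL by string
    // concatenation bypasses the mapper entirely, so the O/R layer gives
    // no protection here. Use SetParameter/SetString on the query instead.
    public static IList<User> FindByNameUnsafe(ISession session, string name)
    {
        return session.CreateSQLQuery("select * from Users where Name = '" + name + "'")
                      .AddEntity(typeof(User))
                      .List<User>();
    }
}
```

Setting `show_sql=true` in the NHibernate configuration prints each statement as it is issued, which is the log check the post mentions for confirming that values arrive as parameters rather than inline literals.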