[Esapi-user] [OWASP-ESAPI] Any codec for Sybase?

John Melton jtmelton at gmail.com
Thu Sep 16 22:29:18 EDT 2010


Jim,
If the DB encoders are not recommended, should they be removed, or at least
deprecated for future removal?

Thanks,
John

On Thu, Sep 16, 2010 at 10:22 PM, Jim Manico <jim.manico at owasp.org> wrote:

> No to Sybase, and please do NOT use the database encoders! They are a
> (terrible) last resort (nor can we guarantee perfect SQL Injection
> protection if you use them to escape dynamic queries).
>
> If you want complete SQL injection protection, you should be using the Java
> PreparedStatement class, variable binding, and the latest Sybase JDBC
> driver.
>
> Respectfully,
>
> -Jim Manico
> http://manico.net
>
> On Sep 16, 2010, at 8:17 PM, Vasten <vasten at gmail.com> wrote:
>
> > Hi:
> > I see codecs for Oracle and MySQL, is there one for Sybase?
> >
> > Thanks,
> > keith
> > _______________________________________________
> > OWASP-ESAPI mailing list
> > OWASP-ESAPI at lists.owasp.org
> > https://lists.owasp.org/mailman/listinfo/owasp-esapi
> _______________________________________________
> Esapi-user mailing list
> Esapi-user at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/esapi-user
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.owasp.org/pipermail/esapi-user/attachments/20100916/dfca4546/attachment.html 


More information about the Esapi-user mailing list