[Esapi-user] [OWASP-ESAPI] Any codec for Sybase?
jim.manico at owasp.org
Thu Sep 16 22:42:45 EDT 2010
They are a last resort. There are edge (very edgy) cases where PreparedStatements dramatically harm performance and manual escaping is required. I will review the JavaDoc and explain this in better detail.
On Sep 16, 2010, at 9:29 PM, John Melton <jtmelton at gmail.com> wrote:
> If the DB encoders are not recommended, should they be removed, or at least deprecated for future removal?
> On Thu, Sep 16, 2010 at 10:22 PM, Jim Manico <jim.manico at owasp.org> wrote:
> No to Sybase, and please do NOT use the database encoders! They are a (terrible) last resort (nor can we guarantee perfect SQL Injection protection if you use them to escape dynamic queries).
> If you want complete SQL injection protection, you should be using the Java PreparedStatement class, variable binding, and the latest Sybase JDBC driver.
> -Jim Manico
> On Sep 16, 2010, at 8:17 PM, Vasten <vasten at gmail.com> wrote:
> > Hi:
> > I see codecs for Oracle and MySQL, is there one for Sybase?
> > Thanks,
> > keith
> > _______________________________________________
> > OWASP-ESAPI mailing list
> > OWASP-ESAPI at lists.owasp.org
> > https://lists.owasp.org/mailman/listinfo/owasp-esapi
> Esapi-user mailing list
> Esapi-user at lists.owasp.org
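The PreparedStatement and variable binding approach recommended in this thread, as an added example that is not from any of the posters or from the ESAPI project; it goes slightly beyond a single bound value by also covering a variable-length IN list, a case that often tempts people into building dynamic queries. The class name, the table and column names, and the JDBC URL argument are assumptions.

```java
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;

public class BoundQueryExample {
    // Builds the statement text only; user data never appears in it.
    // Table and column names (accounts, id, owner, status) are hypothetical.
    static String buildSql(int ownerCount) {
        if (ownerCount < 1) {
            throw new IllegalArgumentException("need at least one owner");
        }
        String marks = String.join(", ", Collections.nCopies(ownerCount, "?"));
        return "SELECT id, owner FROM accounts WHERE status = ? AND owner IN (" + marks + ")";
    }
    // Every user-supplied value is passed through setString(), so the driver
    // sends it as data and no per-database escaping codec is involved.
    static List<String> findAccounts(Connection con, String status, List<String> owners)
            throws SQLException {
        List<String> rows = new ArrayList<>();
        try (PreparedStatement ps = con.prepareStatement(buildSql(owners.size()))) {
            ps.setString(1, status);
            for (int i = 0; i < owners.size(); i++) {
                ps.setString(i + 2, owners.get(i)); // JDBC parameters are 1-based
            }
            try (ResultSet rs = ps.executeQuery()) {
                while (rs.next()) {
                    rows.add(rs.getLong("id") + ":" + rs.getString("owner"));
                }
            }
        }
        return rows;
    }

    public static void main(String[] args) throws SQLException {
        // Constructed sample input, including a value that contains a quote.
        List<String> owners = List.of("alice", "o'brien");
        System.out.println(buildSql(owners.size()));
        if (args.length == 1) { // args[0]: JDBC URL for your own database (assumption)
            try (Connection con = DriverManager.getConnection(args[0])) {
                System.out.println(findAccounts(con, "active", owners));
            }
        }
    }
}
```

Run without arguments, it only prints the generated statement text, which contains placeholders and none of the input values; with a JDBC URL and the matching driver on the classpath it executes the bound query.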