I am using HTTP Basic Authentication in my Spring MVC project. Is Spring’s authentication protected from SQL Injection?
Can any expert provide a statement on this? Or provide links to a statement.
In agreement with Simeon, it is as safe as any underlying customizations you have applied to the standard framework.
The standard framework implementation of JdbcDaoImpl uses PreparedStatements for all JDBC access, which should protect against SQL injection attacks, even if you modify the queries. If you extend it or write your own implementation, however, all bets are off.

From an architectural perspective, your question is not entirely accurate – the method of passing authentication credentials (basic, in your case) doesn’t directly impact what actually reaches the database. There is a good layer of abstraction between the receipt and verification of credentials. I would suggest consulting the Spring Security documentation to understand why this is so.
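
To illustrate the point about custom implementations, here is an added example (not part of the original answer and not Spring's own code): a hand-written UserDetailsService whose lookup is unsafe when built by string concatenation and safe when the username is bound as a parameter. The class name CustomUserDetailsService, the method loadUserUnsafe, the users table layout and the fixed ROLE_USER authority are assumptions made for the example.

```java
import java.util.List;
import org.springframework.jdbc.core.JdbcTemplate;
import org.springframework.jdbc.core.RowMapper;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;

// Hypothetical custom replacement for JdbcDaoImpl; table and column names are assumed.
public class CustomUserDetailsService implements UserDetailsService {

    // Maps one row of the assumed users table to a Spring Security principal.
    private static final RowMapper<UserDetails> USER_MAPPER = (rs, rowNum) ->
            User.withUsername(rs.getString("username"))
                .password(rs.getString("password")) // stored hash, compared later by the PasswordEncoder
                .disabled(!rs.getBoolean("enabled"))
                .authorities("ROLE_USER")           // assumed single role, for brevity
                .build();

    private final JdbcTemplate jdbc;

    public CustomUserDetailsService(JdbcTemplate jdbc) {
        this.jdbc = jdbc;
    }

    // UNSAFE, shown for contrast only: the username taken from the Basic auth
    // header becomes part of the SQL text, so its content can alter the statement.
    UserDetails loadUserUnsafe(String username) {
        String sql = "select username, password, enabled from users where username = '"
                + username + "'";
        return firstOrThrow(jdbc.query(sql, USER_MAPPER));
    }

    // SAFE: the SQL text is constant and the username is bound as a parameter,
    // so JdbcTemplate sends it through a PreparedStatement as data, never as SQL.
    @Override
    public UserDetails loadUserByUsername(String username) {
        String sql = "select username, password, enabled from users where username = ?";
        return firstOrThrow(jdbc.query(sql, USER_MAPPER, username));
    }

    private static UserDetails firstOrThrow(List<UserDetails> users) {
        if (users.isEmpty()) {
            throw new UsernameNotFoundException("Bad credentials"); // do not echo the input
        }
        return users.get(0);
    }
}
```

When reviewing a custom implementation, search the authentication path for SQL strings assembled with + or String.format; any query whose text depends on request data needs the bound-parameter form.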