I did web searches but I could not find solid answers. Is LINQ to NHibernate susceptible to SQL injection and other raw SQL attacks? If yes, what is some code illustrating how to avoid such database attacks?
No.
SQL injection usually works by taking advantage of string formatting. The arguments used in LINQ expressions are safe. The provider will handle the generation of the SQL in such a way that nefarious SQL in the arguments will not be executed, and arguments will be constrained to existing as they are defined.
Furthermore, under the hood it uses parameterized SQL queries, which are immune to injection attacks.
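
An added example, not part of the original answer or of NHibernate's own code: it puts the LINQ and parameterized query paths the answer describes next to the string-concatenation pattern that injection relies on. The `Customer` entity, its mapping and the already-open `ISession` are assumptions made for illustration.

```csharp
using System.Collections.Generic;
using System.Linq;
using NHibernate;
using NHibernate.Linq; // Query<T>() extension on ISession

// Hypothetical mapped entity; its mapping is assumed to be configured elsewhere.
public class Customer
{
    public virtual int Id { get; set; }
    public virtual string Name { get; set; }
}

public static class CustomerQueries
{
    // Safe: the LINQ provider sends `name` as a bound parameter,
    // so the value travels as data and is never parsed as SQL.
    public static IList<Customer> ByNameLinq(ISession session, string name)
    {
        return session.Query<Customer>()
                      .Where(c => c.Name == name)
                      .ToList();
    }

    // Safe: HQL with a named parameter is bound the same way.
    public static IList<Customer> ByNameHql(ISession session, string name)
    {
        return session.CreateQuery("from Customer c where c.Name = :name")
                      .SetParameter("name", name)
                      .List<Customer>();
    }

    // UNSAFE, shown for contrast only: string formatting places the value
    // inside the query text, so a quote character in `name` changes the
    // statement. This is the pattern to look for in code review.
    public static IList<Customer> ByNameConcatenated(ISession session, string name)
    {
        return session.CreateSQLQuery(
                          "select * from Customer where Name = '" + name + "'")
                      .AddEntity(typeof(Customer))
                      .List<Customer>();
    }
}
```

The first two methods keep the protection the answer describes; the third bypasses it because the query string is built before NHibernate ever sees the value, so raw SQL and HQL built by concatenation remain the places to audit.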