Prevent SQL injection attacks

Erik Lidälv
Erik Lidälv
Vote:
 

Hi! Is there any built-in security against SQL injection in EPiServer (Star-) Community 3.1, for example using parameterized queries?

/Erik

#23119
Aug 27, 2008 14:28
Per Bjurström
Per Bjurström
Vote:
 
Yes, by using stored procedures or parameterized dynamic sql.
#23152
Aug 28, 2008 15:18
andreas.ek@internetfabriken.se
andreas.ek@internetfabriken.se
Vote:
 

Why not use linq?

Perhaps one day EPiServer will provide development support with VS2008 ;-)

#23158
Aug 28, 2008 20:38
Per Bjurström
Per Bjurström
Vote:
 

Entity Framework with LINQ-to-Entities is an option but it has just been released and v1 is kind of limited if you are using EAV models. LINQ-to-SQL is  not an option because it does not support Oracle and has no abstraction of the database model. Community use NHibernate for querying.

EPiServer CMS 5 R2(soon to be released) will officially support VS2008 but I know many already doing their development on VS2008 with a few tweaks, see:
http://labs.episerver.com/en/Blogs/Tags/Visual-Studio-2008/

 

#23168
Aug 29, 2008 11:19
This thread is locked and should be used for reference only. Please use the Legacy add-ons forum to open new discussions.
* You are NOT allowed to include any hyperlinks in the post because your account hasn't associated to your company. User profile should be updated.