
Prevent SQL injection attacks


Hi! Is there any built-in security against SQL injection in EPiServer (Star-) Community 3.1, for example using parameterized queries?

/Erik

#23119
Aug 27, 2008 14:28
Yes, by using stored procedures or parameterized dynamic SQL.
#23152
Aug 28, 2008 15:18
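
The distinction behind the answer above, as an added example that is not part of the original thread and not EPiServer's own code: a stored procedure only helps when any dynamic SQL inside it is parameterized. It assumes SQL Server (T-SQL); the table and procedure names are hypothetical.

```sql
-- Hypothetical table for this example; not part of the EPiServer Community schema.
-- GO is the batch separator used by sqlcmd / Management Studio.
CREATE TABLE dbo.DemoMember (
    MemberId INT IDENTITY PRIMARY KEY,
    Alias    NVARCHAR(100) NOT NULL,
    City     NVARCHAR(100) NULL
);
GO

-- Weak: being a stored procedure gives no protection when the procedure
-- concatenates caller input into the statement text it executes.
CREATE PROCEDURE dbo.DemoSearch_Concatenated
    @Alias NVARCHAR(100)
AS
BEGIN
    DECLARE @sql NVARCHAR(MAX);
    SET @sql = N'SELECT MemberId, Alias, City FROM dbo.DemoMember '
             + N'WHERE Alias = N''' + @Alias + N'''';
    EXEC (@sql);   -- the input has become part of the SQL text
END;
GO

-- Corrected: parameterized dynamic SQL. Only fixed fragments are appended
-- to the statement; values travel separately as sp_executesql parameters.
CREATE PROCEDURE dbo.DemoSearch_Parameterized
    @Alias NVARCHAR(100) = NULL,
    @City  NVARCHAR(100) = NULL
AS
BEGIN
    SET NOCOUNT ON;
    DECLARE @sql NVARCHAR(MAX);
    SET @sql = N'SELECT MemberId, Alias, City FROM dbo.DemoMember WHERE 1 = 1';

    -- Optional filters change the shape of the statement, never its values.
    IF @Alias IS NOT NULL SET @sql = @sql + N' AND Alias = @pAlias';
    IF @City  IS NOT NULL SET @sql = @sql + N' AND City = @pCity';

    EXEC sys.sp_executesql
        @sql,
        N'@pAlias NVARCHAR(100), @pCity NVARCHAR(100)',
        @pAlias = @Alias,
        @pCity  = @City;
END;
GO

-- Constructed input containing a quote: compared as data, not parsed as SQL.
EXEC dbo.DemoSearch_Parameterized @Alias = N'O''Brien';
```
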

Why not use LINQ?

Perhaps one day EPiServer will provide development support with VS2008 ;-)

#23158
Aug 28, 2008 20:38

Entity Framework with LINQ-to-Entities is an option, but it has just been released and v1 is kind of limited if you are using EAV models. LINQ-to-SQL is not an option because it does not support Oracle and has no abstraction of the database model. Community uses NHibernate for querying.

EPiServer CMS 5 R2 (soon to be released) will officially support VS2008, but I know many are already doing their development on VS2008 with a few tweaks, see:
http://labs.episerver.com/en/Blogs/Tags/Visual-Studio-2008/

 

#23168
Aug 29, 2008 11:19
This thread is locked and should be used for reference only. Please use the Legacy add-ons forum to open new discussions.