ASP.NET
Roman, 2015-08-27 17:56:53

SQL Injection and EntityFramework, how does using an ORM prevent such attacks?

How much does using an ORM protect against SQL injection? Is the ORM supposed to use parameterized queries and escape all special characters, or is there still a way to carry out this attack, for example when using LINQ?


1 answer(s)
Dmitry Kovalsky, 2015-08-27
@yarosroman

It all depends on what you map. Ideally, completely. In practice, you can map a stored procedure that takes a string parameter but assembles the query inside itself.
And there you will have a potential injection right inside the database.
With ORMs in general and EF + LINQ in particular, the problem is different: if you pull the entire table onto the application server and only filter and sort it there (or search in it), it will be hellishly slow and tedious. You will get a bottleneck that will not survive the load.

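The case Dmitry describes, written out as an added example (T-SQL for SQL Server; this is not code from the original thread). The caller, EF or any other parameterized command, hands @name over as a genuine parameter, so the ORM side is clean; the injection lives inside the stored procedure, which pastes the parameter into dynamic SQL. The table name, procedure names, sample rows and payload below are all constructed for illustration, and the hardened variant uses sp_executesql to show what the fix looks like.

```sql
-- Added example, not from the original thread. Names are hypothetical.
CREATE TABLE dbo.Products (
    Id    INT IDENTITY PRIMARY KEY,
    Name  NVARCHAR(100) NOT NULL,
    Price DECIMAL(10, 2) NOT NULL
);
GO

-- Constructed sample rows.
INSERT INTO dbo.Products (Name, Price) VALUES
    (N'Widget', 9.99),
    (N'Gadget', 19.99),
    (N'Secret prototype', 999.00);
GO

-- VULNERABLE: @name is a parameter only up to the procedure boundary.
-- Inside, it is concatenated into a string and executed, so a quote in
-- @name closes the literal and the remainder of @name becomes SQL.
CREATE PROCEDURE dbo.SearchProducts_Unsafe
    @name NVARCHAR(100)
AS
BEGIN
    DECLARE @sql NVARCHAR(MAX) =
        N'SELECT Id, Name, Price FROM dbo.Products WHERE Name = ''' + @name + N'''';
    EXEC (@sql);
END;
GO

-- HARDENED: still dynamic SQL, but the value travels as a parameter of
-- sp_executesql, so it can never change the shape of the statement.
CREATE PROCEDURE dbo.SearchProducts_Safe
    @name NVARCHAR(100)
AS
BEGIN
    DECLARE @sql NVARCHAR(MAX) =
        N'SELECT Id, Name, Price FROM dbo.Products WHERE Name = @p';
    EXEC sp_executesql @sql, N'@p NVARCHAR(100)', @p = @name;
END;
GO

-- Normal use: both procedures return the single matching row.
EXEC dbo.SearchProducts_Unsafe @name = N'Widget';
EXEC dbo.SearchProducts_Safe   @name = N'Widget';

-- Malicious value. An ORM would pass exactly this string as a parameter,
-- which does not help, because the concatenation happens after it arrives.
DECLARE @payload NVARCHAR(100) = N''' OR 1=1 --';

-- Unsafe: the executed text becomes
--   SELECT Id, Name, Price FROM dbo.Products WHERE Name = '' OR 1=1 --'
-- and every row, including the secret one, comes back.
EXEC dbo.SearchProducts_Unsafe @name = @payload;

-- Safe: the same text is compared literally against Name and matches nothing.
EXEC dbo.SearchProducts_Safe @name = @payload;
GO
```

The check worth doing in a real code base is therefore not "do we use an ORM" but "does any stored procedure or view the ORM maps build its own SQL from a string argument". Any EXEC of a concatenated string inside the database is a finding regardless of how carefully the application layer parameterizes the call.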