Answer the question
In order to leave comments, you need to log in
SQL Injection and EntityFramework, how does using an ORM prevent such attacks?
How much does the use of ORM prevent SQL Injection, is ORM supposed to use parameterized queries and escape all special characters, or is there a way to carry out this attack, for example when using LINQ?
Answer the question
In order to leave comments, you need to log in
It all depends on what you mapite. Ideally, completely. In fact, you can map some storage that takes a string parameter, but does it inside itself.
And here you will have a potential injection right in the database.
With ORM in general and EF + LINQ in particular, the problem is different - if you drag the entire table to the application server, and only then filter and sort it. Or maybe search for it - it will be hellishly slow and tedious. You will get a bottle neck that will not survive the load.
Didn't find what you were looking for?
Ask your questionAsk a Question
731 491 924 answers to any question