View Revisions: Issue #38136
Summary 0038136: Tracking issue: Find & Fix queries not using bind-params but embedding values into query string
Revision 2018-03-14 16:26 by shuehner
Description: Queries should separate query text from data values, which is done using bind-parameters.

That is important for 3 reasons:
a.) Avoid SQL/HQL injections
b.) Not have 'different SQL text' for same query but different values
b.1) To efficiently utilize the Hibernate cache
b.2) Inefficient use of the Oracle query cache, as not using bind variables makes the 'same query' show up many times with different query cache.

This issue is to link the various individual issues to fix the concrete cases found.
Revision 2018-03-14 16:15 by shuehner
Description: Queries should separate query text from data values, which is done using bind-parameters.

That is important for 3 reasons:
a.) Avoid SQL/HQL injections
b.) Not have 'different SQL text' for same query but different values
b.1) To efficiently utilize the Hibernate cache
b.2)

This issue is to link the various individual issues to fix the concrete cases found.
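
For the "find" half of this issue, the following is an added example and not code from the project or the reporter: a heuristic Python scanner that flags Java string literals containing query text that end where a value is expected and are followed by `+ <non-constant operand>`. The sample Java lines, the entity names and the rule that UPPER_CASE names count as constants are assumptions made for the illustration.

```python
import re

# Java string literal, honouring backslash escapes.
LITERAL = re.compile(r'"((?:\\.|[^"\\])*)"')
# What follows the literal: "+ operand" (identifier, field access or simple call).
OPERAND = re.compile(r'\s*\+\s*([A-Za-z_][\w.]*(?:\([^()]*\))?)')
# The literal stops where a value belongs: after =, <, >, ( or LIKE,
# optionally followed by an opening quote and a LIKE wildcard.
VALUE_SLOT = re.compile(r"(?:[=<>(]|\blike)\s*'?%?\s*$", re.I)
# The literal looks like SQL/HQL text rather than, say, a log message.
SQL_HINT = re.compile(r'\b(select|from|where|and|or|set|values|like|in)\b', re.I)
# Assumption: UPPER_CASE names are compile-time constants, not data values.
CONSTANT = re.compile(r'^(?:\w+\.)*[A-Z][A-Z0-9_]*$')


def find_embedded_values(java_source):
    """Return (line_number, operand) for each value concatenated into query text."""
    findings = []
    for lit in LITERAL.finditer(java_source):
        text = lit.group(1)
        nxt = OPERAND.match(java_source, lit.end())
        if not nxt or CONSTANT.match(nxt.group(1)):
            continue  # literal + literal, literal + CONSTANT, or no concatenation
        if SQL_HINT.search(text) and VALUE_SLOT.search(text):
            line = java_source.count("\n", 0, lit.start()) + 1
            findings.append((line, nxt.group(1)))
    return findings


# Constructed sample input: lines 1 and 5 embed values, the others do not.
SAMPLE = '''\
Query q1 = session.createQuery("from Order o where o.id = '" + orderId + "'");
Query q2 = session.createQuery("from Order o where o.id = :id").setParameter("id", orderId);
String hql = "select i from " + Invoice.ENTITY_NAME + " i "
    + "where i.documentNo = :docNo";
where.append(" and p.name like '%" + product.getName() + "%'");
log.debug("processed " + count + " rows");
'''

if __name__ == "__main__":
    for line, operand in find_embedded_values(SAMPLE):
        print(f"line {line}: value '{operand}' embedded in query text, use a bind parameter")
```

Each hit is a candidate for review, not a confirmed defect; the scanner does not parse Java, so queries assembled through intermediate variables without a value-slot literal are missed.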