A critical vulnerability was discovered in React Server Components (Next.js). Our systems remain protected but we advise to update packages to newest version. Learn More

AI OnAI Off

Prevent SQL injection attacks

Vote:
 

Hi! Is there any built-in security against SQL injection in EPiServer (Star-) Community 3.1, for example using parameterized queries?

/Erik

#23119
Aug 27, 2008 14:28
Per Bjurström
Per Bjurström
Vote:
 
Yes, by using stored procedures or parameterized dynamic sql.
#23152
Aug 28, 2008 15:18
andreas.ek@internetfabriken.se
andreas.ek@internetfabriken.se
Vote:
 

Why not use linq?

Perhaps one day EPiServer will provide development support with VS2008 ;-)

#23158
Aug 28, 2008 20:38
Per Bjurström
Per Bjurström
Vote:
 

Entity Framework with LINQ-to-Entities is an option but it has just been released and v1 is kind of limited if you are using EAV models. LINQ-to-SQL is  not an option because it does not support Oracle and has no abstraction of the database model. Community use NHibernate for querying.

EPiServer CMS 5 R2(soon to be released) will officially support VS2008 but I know many already doing their development on VS2008 with a few tweaks, see:
http://labs.episerver.com/en/Blogs/Tags/Visual-Studio-2008/

 

#23168
Aug 29, 2008 11:19
This thread is locked and should be used for reference only. Please use the Legacy add-ons forum to open new discussions.
* You are NOT allowed to include any hyperlinks in the post because your account hasn't associated to your company. User profile should be updated.