JDBC是否安全? [英] Is JDBC secure?
问题描述
我是新的JDBC,新项目需要我使用JDBC。我想知道的是,
是JDBC安全吗?
如何防止Mysql注入类似的问题?
我需要什么安全问题注意当我使用JDBC吗?
如何确保,我的意思是优化安全性,以防止黑客攻击数据库?
编辑:
我试过google,如果我google:
php mysql security problems=>它给了很多结果
如果我google:
jdbc mysql安全问题=>几乎看不到任何相关页面
这是否意味着,使用jdbc是安全的?不需要担心被黑客入侵?
使用预准备语句。对于假设的登录,您可以使用这个例如:
PreparedStatement stmt = conn.prepareStatement(SELECT * FROM member WHERE member_username =?AND member_password =?);
stmt.setString(1,username);
stmt.setString(2,password);
stmt.execute();
ResultSet rs = stmt.getResultSet();
// ...
这将完全屏蔽SQL注入漏洞。 p>
I am new to JDBC, and the new project require me to use JDBC. What I want to know is,
is the JDBC secure?
How to prevent "Mysql Injection"-like problem?
What are the security issues that I need to pay attention when I use JDBC?
And how to ensure, I mean optimize the security, in order to prevent from hackers to hack the database?
EDIT:
I tried google, if I google:
"php mysql security problems" => it gives a lot of result
if I google:
"jdbc mysql security problems" => hardly see any related pages
Does it mean, using jdbc is secure? Dont need to worry about being hack?
Use prepared statements. For a hypothetical login you might use this, for example:
PreparedStatement stmt = conn.prepareStatement("SELECT * FROM member WHERE member_username = ? AND member_password = ?");
stmt.setString(1, username);
stmt.setString(2, password);
stmt.execute();
ResultSet rs = stmt.getResultSet();
// ...
This will completely shield you from SQL Injection vulnerabilities.
这篇关于JDBC是否安全?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
