
Validation

ashok r
Greenhorn

Joined: Aug 28, 2005
Posts: 9
In my project I have to display the details of a customer by his name. The problem raised to me in this is that a hacker can easily delete my table contents by just typing the DELETE command of SQL in the textbox in place of giving his name. This is possible when he correctly guesses the table name given by me.

Please help me in overcoming this problem.

Thanks in advance.
Paul Sturrock
Bartender

Joined: Apr 14, 2004
Posts: 10336

Change the grants on the DB so users of your application only have rights to read data.


Paul Clapham
Sheriff

Joined: Oct 14, 2005
Posts: 19728
    

Use PreparedStatement instead of Statement to guard yourself against SQL injection attacks.
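
The advice above, worked through as an added example that is not part of the original post: the customer lookup with the name bound as a parameter, next to the concatenated query text it replaces. The `customer` table, its columns, the sample rows and the H2 in-memory JDBC URL are assumptions made for this illustration.

```java
import java.sql.*;
import java.util.ArrayList;
import java.util.List;

public class CustomerLookup {
    // "Before" form: builds SQL by concatenation. Only printed below, never executed.
    static String concatenatedSql(String name) {
        return "SELECT id, name FROM customer WHERE name = '" + name + "'";
    }

    // Hardened form: the SQL text is fixed; the name is sent as a bound parameter.
    static List<String> findByName(Connection conn, String name) throws SQLException {
        String sql = "SELECT id, name FROM customer WHERE name = ?";
        try (PreparedStatement ps = conn.prepareStatement(sql)) {
            ps.setString(1, name);
            try (ResultSet rs = ps.executeQuery()) {
                List<String> rows = new ArrayList<>();
                while (rs.next()) {
                    rows.add(rs.getInt("id") + ":" + rs.getString("name"));
                }
                return rows;
            }
        }
    }

    static int countRows(Connection conn) throws SQLException {
        try (Statement st = conn.createStatement();
             ResultSet rs = st.executeQuery("SELECT COUNT(*) FROM customer")) {
            rs.next();
            return rs.getInt(1);
        }
    }

    public static void main(String[] args) throws SQLException {
        // Assumption: a scratch database whose JDBC driver is on the classpath.
        String url = args.length > 0 ? args[0] : "jdbc:h2:mem:demo";
        try (Connection conn = DriverManager.getConnection(url)) {
            try (Statement st = conn.createStatement()) {
                st.executeUpdate("CREATE TABLE customer (id INT PRIMARY KEY, name VARCHAR(100))");
                st.executeUpdate("INSERT INTO customer VALUES (1, 'Asha Rao'), (2, 'Tom O''Neil')");
            }
            String hostile = "x'; DELETE FROM customer; --"; // constructed textbox input
            System.out.println("concatenated SQL: " + concatenatedSql(hostile));
            System.out.println("bound, hostile:   " + findByName(conn, hostile));
            System.out.println("bound, O'Neil:    " + findByName(conn, "Tom O'Neil"));
            System.out.println("rows in table:    " + countRows(conn));
        }
    }
}
```

With the bound parameter the hostile string is compared as a literal name, so it matches no customer and the row count is unchanged; a legitimate name containing an apostrophe also works without manual escaping.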
Bear Bibeault
Author and ninkuma
Marshal

Joined: Jan 10, 2002
Posts: 63222
    

"ashok.r",

There aren't many rules that you need to worry about here on the Ranch, but one that we take very seriously regards the use of proper names. Please take a look at the JavaRanch Naming Policy and adjust your display name to match it.

In particular, your display name must be a first and a last name separated by a space character, and must not be obviously fictitious.

Thanks!
bear
Forum Bartender
[ December 15, 2005: Message edited by: Bear Bibeault ]
