WebApp Sec mailing list archives

Re: Hibernate Query Language


From: "ThorOdino () X-Planet org" <ThorOdino () X-Planet org>
Date: Thu, 10 Nov 2005 14:16:53 +0100

alfredhitchcock_007 () yahoo com wrote:


Hi All,

I am being tasked to do a comprehensive security audit for a Java application. This Java application is using
Hibernate Query Language (HQL). Does anybody have an idea about vulnerable APIs in HQL? How do I find out vulnerable
SQL constructs in this language?

I am thorough with SQL Injection where dynamic queries and normal stored procedures are being used. But HQL uses
different APIs to construct the SQL query. Can anybody help me in identifying potential issues with HQL?

 



