loiclacombe / mybatisnet

Automatically exported from code.google.com/p/mybatisnet

Concurrency and SQL Injection #45

Open GoogleCodeExporter opened 9 years ago

GoogleCodeExporter commented 9 years ago
      Recently, I have been learning the NPetshop-1.0.0.RC1 example with "IBatisNet.DataAccess 1.0.0.249" and "IBatisNet.DataMap 1.0.0.249".
      The following two questions confuse me.
      One is that there is just one static "DaoManager" and one static "SqlMap" session handler, so how does it deal with many concurrent calls? Will DaoManager create many concurrent connections to the database underneath? Furthermore, should I let "IBatisNet" handle the concurrent-call situation for me, or do I have to do it all by myself?
      The other question is whether the DAO framework has code to prevent "SQL injection".
      Because I cannot successfully download the source code, I have to ask for your help. Waiting for your help. Thanks!

Original issue reported on code.google.com by yanfabu_...@163.com on 28 Jun 2012 at 1:24

GoogleCodeExporter commented 9 years ago
    I am the provider of this defect. Recently I was able to download the source code successfully.
    Firstly, I found that the function "OpenConnection" creates a connection underneath for each HTTP request, and the function "CloseConnection" closes the connection associated with the current HTTP request. So it can be seen clearly that "IBatisNet" fits the "B/S concurrency scenario".
    Secondly, because it uses "IDbDataParameter" underneath, "IBatisNet" can prevent "SQL injection" somehow.
    Thanks, all the contributors!

Original comment by yanfabu_...@163.com on 6 Jul 2012 at 1:36
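
The second comment attributes the injection resistance to `IDbDataParameter`. The following is an added example, not IBatisNet code and not part of the original thread: a Python model, with `sqlite3` standing in for the ADO.NET provider, of the two iBATIS inline forms, `#name#` (bound as a parameter) and `$name$` (pasted into the SQL text). The `Account` table, the function names and the inputs are constructed for illustration.

```python
import re
import sqlite3

# Hypothetical mini-mapper modelling the two iBATIS inline forms:
#   #name#  -> bound parameter (the role IDbDataParameter plays in ADO.NET)
#   $name$  -> literal text substitution into the SQL string
TOKEN = re.compile(r"#(\w+)#|\$(\w+)\$")

def prepare(statement, params):
    """Translate a mapped statement into (sql, bound_values)."""
    values = []
    def repl(m):
        if m.group(1):                      # #name#: value travels separately
            values.append(params[m.group(1)])
            return "?"
        return str(params[m.group(2)])      # $name$: value becomes SQL text
    return TOKEN.sub(repl, statement), values

def literal_params(statement):
    """Audit helper: names a statement splices into its SQL text."""
    return [m.group(2) for m in TOKEN.finditer(statement) if m.group(2)]

def make_db():
    # Constructed sample data.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE Account (Username TEXT, Email TEXT)")
    db.executemany("INSERT INTO Account VALUES (?, ?)",
                   [("alice", "alice@example.test"), ("bob", "bob@example.test")])
    return db

def query(db, statement, params):
    sql, values = prepare(statement, params)
    return db.execute(sql, values).fetchall()

BOUND_STMT = "SELECT Username FROM Account WHERE Username = #name#"
LITERAL_STMT = "SELECT Username FROM Account WHERE Username = '$name$'"
HOSTILE = "nobody' OR '1'='1"               # constructed test input

def demo():
    db = make_db()
    return {
        "bound_normal": query(db, BOUND_STMT, {"name": "alice"}),
        "bound_hostile": query(db, BOUND_STMT, {"name": HOSTILE}),
        "literal_hostile": query(db, LITERAL_STMT, {"name": HOSTILE}),
    }

if __name__ == "__main__":
    for label, rows in demo().items():
        print(label, rows)
```

With the bound form the hostile value matches no row; with the `$name$` form it returns every account, so `literal_params` is the check to run over mapped statements during review.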