sam98uele / DB2Project_EJB


Restore Escape String #26

Closed sam98uele closed 3 years ago

sam98uele commented 3 years ago

We need to restore Escape String (both EJB and WEB) for security reasons. (We do not care about backspaces or accents.)

Are you ok with that?

alessandriniluca commented 3 years ago

It can be done, but it is not necessary for the password, since it is hashed before performing queries, and, for example, single quotes and other ambiguous characters do not have the problem of SQL injection or other stuff.

sam98uele commented 3 years ago

There is no problem of SQL Injection (JPA solves it automatically). Username and passwords are already escaped (we did not modify it). But we removed escaping in "Questions" and "Answers", and we need to restore the escaping.

I'll do it in the next few days.

sam98uele commented 3 years ago

Done