Resumindo: SQL Injection ocorre quando o atacante consegue inserir uma série de instruções SQL dentro de uma 'query' através da manipulação das entradas de dados de uma aplicação.
Para quem não entendeu, segue um bom exemplo:
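package persistence;

import java.util.List;
import java.util.Map;

/**
 * Generic persistence contract for an entity type {@code T} identified by a key of type {@code PK}.
 *
 * <p>The methods that take a {@code query} string receive it as opaque query text that the DAO
 * does not escape or validate. That text must therefore be a fixed statement written in the
 * application; any value that originates outside the application (request parameters, form fields)
 * must be supplied through the {@code params} map, which implementations bind as named query
 * parameters, and never concatenated into the query string.
 *
 * @author felipe sartor
 */
public interface GenericDAO<T, PK> {

    /** Stores the entity (new or already persisted). */
    void save(T t);

    /** Deletes the entity. */
    void remove(T t);

    /** Synchronises the entity with the persistent store and returns the resulting instance. */
    T refresh(T t);

    /**
     * Loads an entity by primary key.
     *
     * @param id the primary key
     * @return the entity, or {@code null} when none has that key
     */
    T find(PK id);

    /**
     * Runs a parameterised query that is expected to match at most one entity.
     *
     * @param query fixed query text written in the application
     * @param params named parameters, bound by name; values coming from outside the application go here
     * @return the single match, or {@code null} when there is none (implementations define the
     *     behaviour for more than one match)
     */
    T findParam(String query, Map<String, Object> params);

    /** Lists every entity of type {@code T}. */
    List<T> findEntities();

    /**
     * Runs a fixed query that takes no parameters.
     *
     * @param query fixed query text written in the application
     */
    List<T> findEntities(String query);

    /**
     * Runs a parameterised query and returns every match.
     *
     * @param query fixed query text written in the application
     * @param params named parameters, bound by name
     */
    List<T> findEntitiesParam(String query, Map<String, Object> params);

    /**
     * Paginated variant of {@link #findEntitiesParam(String, Map)}.
     *
     * @param max maximum number of results to return
     * @param atual position of the first result to return
     */
    List<T> findEntitiesParam(String query, Map<String, Object> params, int max, int atual);
}
E agora segue a sua implementação: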
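package persistence;

import java.io.Serializable;
import java.lang.reflect.ParameterizedType;
import java.util.List;
import java.util.Map;
import javax.persistence.NoResultException;
import javax.persistence.NonUniqueResultException;
import org.hibernate.Query;
import org.springframework.orm.hibernate3.support.HibernateDaoSupport;
import org.springframework.transaction.annotation.Propagation;
import org.springframework.transaction.annotation.Transactional;

/**
 * Hibernate implementation of {@link GenericDAO} built on Spring's {@link HibernateDaoSupport}.
 *
 * <p>The entity class is recovered by reflection from the concrete subclass's declaration, so each
 * subclass must be written as {@code class SomeDAO extends GenericDAOImpl<Entity, Key>} (or call
 * {@link #setPersistenceClass(Class)} itself).
 *
 * <p>Query text versus query data: every method that takes a {@code query} string hands it to
 * Hibernate unchanged, so that string is trusted program text and must be a fixed HQL statement
 * written by the developer. Anything that originates outside the application (request parameters,
 * form fields, file contents) belongs in the {@code params} map, which is bound with
 * {@code Query.setParameter} and therefore travels as a bind variable instead of becoming part of
 * the statement. Concatenating such values into {@code query} would reintroduce the injection
 * problem that parameter binding exists to prevent.
 *
 * @author felipe sartor
 */
public abstract class GenericDAOImpl<T, PK extends Serializable> extends HibernateDaoSupport
        implements GenericDAO<T, PK> {

    private Class<T> persistenceClass = null;

    /**
     * Resolves {@code T} from the generic superclass of the concrete subclass.
     *
     * @throws ClassCastException if the direct superclass of the concrete subclass is not a
     *     parameterized {@code GenericDAOImpl<...>} declaration
     */
    @SuppressWarnings("unchecked")
    public GenericDAOImpl() {
        ParameterizedType declared = (ParameterizedType) getClass().getGenericSuperclass();
        this.persistenceClass = (Class<T>) declared.getActualTypeArguments()[0];
    }

    /** Overrides the class resolved by reflection, for subclasses whose declaration cannot be read. */
    protected void setPersistenceClass(Class<T> persistenceClass) {
        this.persistenceClass = persistenceClass;
    }

    public Class<T> getPersistenceClass() {
        return persistenceClass;
    }

    /*
     * @Transactional gives the method transactional behaviour automatically.
     * Attribute readOnly enables optimisations for read-only transactions.
     */
    @Transactional(readOnly = false, propagation = Propagation.REQUIRED)
    public void save(T t) {
        getHibernateTemplate().saveOrUpdate(t);
    }

    @Transactional(readOnly = false, propagation = Propagation.REQUIRED)
    public void remove(T t) {
        getHibernateTemplate().delete(t);
    }

    @Transactional(readOnly = false, propagation = Propagation.REQUIRED)
    @SuppressWarnings("unchecked")
    public T refresh(T t) {
        // merge() copies the argument's state onto the persistent instance and returns that
        // instance; the argument itself stays detached, so the merged copy is what callers get.
        return (T) getHibernateTemplate().merge(t);
    }

    @SuppressWarnings("unchecked")
    public T find(PK id) {
        return (T) getHibernateTemplate().get(persistenceClass, id);
    }

    /**
     * Runs a parameterised HQL query expected to match at most one row.
     *
     * @param query fixed HQL text; see the class comment on what must not go in here
     * @param params named parameters bound with {@code setParameter}; may be {@code null}
     * @return the single match, or {@code null} when the query matches no row or more than one
     */
    @SuppressWarnings("unchecked")
    public T findParam(String query, Map<String, Object> params) {
        List<?> results = bindParameters(getSession().createQuery(query), params).list();
        if (results.isEmpty()) {
            // Hibernate's Query.list() returns an empty list rather than throwing NoResultException,
            // so this check, not a catch block, is what turns "no row" into null (the previous code
            // reached l.get(0) on the empty list and failed with IndexOutOfBoundsException).
            return null;
        }
        if (results.size() > 1) {
            // Same contract as before (null on a non-unique match), reported through the DAO's log
            // instead of printStackTrace; the query text is deliberately not logged.
            logger.warn("findParam matched " + results.size() + " rows, expected at most one");
            return null;
        }
        return (T) results.get(0);
    }

    /** Lists every instance of the entity class; the entity name comes from the class, not from callers. */
    @SuppressWarnings("unchecked")
    public List<T> findEntities() {
        return (List<T>) getHibernateTemplate().find("from " + persistenceClass.getSimpleName());
    }

    /**
     * Runs a fixed HQL statement that takes no parameters.
     *
     * @param query fixed HQL text; never assemble it from values received from outside the application
     */
    @SuppressWarnings("unchecked")
    public List<T> findEntities(String query) {
        return (List<T>) getSession().createQuery(query).list();
    }

    /**
     * Runs a parameterised HQL statement and returns every match.
     *
     * @param query fixed HQL text
     * @param params named parameters bound with {@code setParameter}; may be {@code null}
     */
    @SuppressWarnings("unchecked")
    public List<T> findEntitiesParam(String query, Map<String, Object> params) {
        return (List<T>) bindParameters(getSession().createQuery(query), params).list();
    }

    /**
     * Paginated variant of {@link #findEntitiesParam(String, Map)}.
     *
     * @param max maximum number of rows to return (passed to {@code setMaxResults})
     * @param atual position of the first row to return (passed to {@code setFirstResult})
     */
    @SuppressWarnings("unchecked")
    public List<T> findEntitiesParam(String query, Map<String, Object> params, int max, int atual) {
        Query q = getSession().createQuery(query).setMaxResults(max).setFirstResult(atual);
        return (List<T>) bindParameters(q, params).list();
    }

    /** Binds every entry of {@code params} as a named parameter; a {@code null} map binds nothing. */
    private static Query bindParameters(Query q, Map<String, Object> params) {
        if (params != null) {
            for (Map.Entry<String, Object> entry : params.entrySet()) {
                q.setParameter(entry.getKey(), entry.getValue());
            }
        }
        return q;
    }
}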
Ferramentas CASE (do inglês Computer-Aided Software Engineering) é uma classificação que abrange todas as ferramentas baseadas em computador que auxiliam atividades de engenharia de software, desde análise de requisitos e modelagem até programação e testes. Podem ser consideradas ferramentas automatizadas que têm como objetivo auxiliar o desenvolvedor de sistemas em uma ou várias etapas do ciclo de desenvolvimento de software.
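// Key of the row whose radio button was last recorded through setSelected. The initial "0" is
// presumably a sentinel that no real row key uses — confirm against the row keys the table produces.
private Object lastSelected = "0";

/**
 * Returns the row key currently reported by the radio button when it is still the one recorded by
 * {@link #setSelected(Object)}, otherwise {@code null}.
 *
 * @return the selected row key, or {@code null} when nothing (or a different row) is selected
 */
public Object getSelected() {
    String sv = (String) radioButton1.getSelectedValue();
    // getSelectedValue() yields null when no radio button is checked; comparing null-safely keeps
    // that case from surfacing as a NullPointerException while the page renders.
    return sv != null && sv.equals(lastSelected) ? sv : null;
}

/**
 * Records the selected row key; a {@code null} argument is ignored so the last real
 * selection survives a "nothing selected" submit.
 */
public void setSelected(Object selected) {
    if (selected != null) {
        lastSelected = selected;
    }
}

/** Value rendered for the radio button of the current row: that row's key id. */
public Object getSelectedValue() {
    return tableRowGroup1.getRowKey().getRowId();
}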
/**
 * Action handler for the "Selecionar" button: resolves the {@code Paciente} of the row whose radio
 * button is checked. Returns {@code null}, presumably the navigation outcome that keeps the
 * current view — confirm against the page's navigation rules.
 *
 * @return always {@code null}
 */
public String btnSelecionar_action() {
    String rowId = (String) RadioButton.getSelected("buttonGroup");
    RowKey rowKey = pacienteProvider.getRowKey(rowId);
    Paciente paciente = (Paciente) pacienteProvider.getObject(rowKey);
    // NOTE(review): the resolved Paciente is not used here yet; whatever consumes the selection
    // would need to receive it (e.g. store it on the page bean).
    return null;
}