Java Persistence
Frameworks
Popular and next generation persistence frameworks




Thomas Müller
Day Software AG
Presentation 7780



Agenda
• Introduction
• Persistence Frameworks
 - SQL(++)
 - O/R Mapping
 - Next Generation

• SQL Injection




Introduction

 Thomas Mueller
 Software Engineer

 http://www.h2database.com
 http://www.day.com
 http://jackrabbit.apache.org
Persistence Frameworks

Timeline (approximate, as drawn on the slide; the column is the family each framework belongs to):

   1990   SQL(++)          ODBC
   1995                    JDBC
   2000                    iBATIS, DbUtils
          O/R mapping      Hibernate, JDO, JPA
   2005   next generation  LINQ, JaQu, LIQUidFORM, Empire-db and other embedded query libraries
   2010                    JPA 2.0
SQL(++)

The same lookup (one Student by name) with plain JDBC, with Commons DbUtils and with iBATIS. The domain class is a plain bean:

   public class Student {
     private String name;
     public void setName(String name) {
        this.name = name;
     }
     public String getName() {
        return name;
     }
   }

JDBC

   PreparedStatement prep =
      conn.prepareStatement(
      "select * from Student where name = ?");
   prep.setString(1, name);
   ResultSet rs = prep.executeQuery();
   rs.next();                                // assumes a matching row exists
   Student student = new Student();
   student.setName(rs.getString(1));         // name is the only column, so column 1

DbUtils

   QueryRunner run = new QueryRunner();
   ResultSetHandler h = new BeanHandler(Student.class);   // maps columns to bean setters
   Student s = (Student) run.query(conn,
      "select * from Student where name=?",
      h, new Object[]{name});

iBATIS

   <!-- in the SqlMapConfig -->
   <sqlMap resource="com/mydomain/data/Student.xml"/>

   <!-- Student.xml -->
   <sqlMap namespace="Student">
     <typeAlias alias="Student" type="com.mydomain.data.Student"/>
     <select id="selectStudent" resultClass="Student">
       select * from Student where name = #name#
     </select>
   </sqlMap>

   Student student = (Student) sqlMapper.
      queryForObject("selectStudent", name);

In the iBATIS mapping, #name# is a bound parameter (it becomes a JDBC "?"); the $name$ form substitutes the value into the SQL text verbatim and is the iBATIS way to get SQL injection.
O/R Mapping

Illusion
- there is no database
- still need configuration

Auto-Save
- objects are stateful
- automatic dirty checking

Auto-Navigation
- in queries
- get() loads referred object
- collection support

Examples: Hibernate, JDO, JPA

                        JDO                     JPA         Hibernate
   scope                "technology agnostic"   RDBMS       RDBMS
   implementations      few                     many        most popular
   Google AppEngine     supported               supported   -




Hibernate
8




Hibernate
Dependencies
               
   hibernate3.jar
               
   hibernate-annotations.jar
               
   hibernate-commons-annotations.jar
               
   commons-collections-3.1.jar
               
   commons-logging-api-1.1.jar
               
   commons-logging-1.1.jar
               
   ejb3-persistence.jar
               
   antlr-2.7.6.jar
               
   dom4j-1.6.1.jar
               
   javassist-3.4.GA.jar
               
   jta-1.1.jar
               
   slf4j-api-1.5.6.jar
               
   slf4j-simple-1.5.6.jar
8
                      <!DOCTYPE hibernate-configuration PUBLIC        
                                                                     
                                                                         hibernate3.jar
                                                                         hibernate-annotations.jar

                        "-//Hibernate/Hibernate Configuration DTD 3.0//EN"
                                                                     
   hibernate-commons-annotations.jar




Hibernate
                                                                     
   commons-collections-3.1.jar
                                                                     
   commons-logging-api-1.1.jar
                        "http://hibernate.sourceforge.net/hibernate-configuration-3.0.dtd">
                                                                     
                                                                     
                                                                         commons-logging-1.1.jar
                                                                         ejb3-persistence.jar

                      <hibernate-configuration>                       
                                                                     
                                                                     
                                                                         antlr-2.7.6.jar
                                                                         dom4j-1.6.1.jar
                                                                         javassist-3.4.GA.jar
                        <session-factory>                            
                                                                     
                                                                         jta-1.1.jar
                                                                         slf4j-api-1.5.6.jar

                           <property name="connection.url">jdbc:h2:mem:test</property>
                                                                     
   slf4j-simple-1.5.6.jar



                           <property name="connection.username">sa</property>
                           <property name="connection.driver_class">org.h2.Driver</property>
Dependencies               <property name="dialect">org.hibernate.dialect.H2Dialect</property>
                           <property name="connection.password">sa</property>
                        </session-factory>

Configuration         </hibernate-configuration>


 hibernate.cfg.xml
 Annotations or XML
                                    import javax.persistence.*;

                                    @Entity
                                    public class Student {
                                       @Id @GeneratedValue
                                       private Long id;
                                       @Column
                                       private String name;
                                     }
8
                                                                                                 
   hibernate3.jar
                                                                                                 
   hibernate-annotations.jar
                                                                                                 
   hibernate-commons-annotations.jar




Hibernate
                                                                                                 
   commons-collections-3.1.jar
                                                                                                 
   commons-logging-api-1.1.jar
                                                                                                 
   commons-logging-1.1.jar
                                                                                                 
   ejb3-persistence.jar
                                                                                                 
   antlr-2.7.6.jar
                                                                                                 
   dom4j-1.6.1.jar
                                                                                                 
   javassist-3.4.GA.jar
                                                                                                 
   jta-1.1.jar
                                                                                                 
   slf4j-api-1.5.6.jar
                                                                                                 
   slf4j-simple-1.5.6.jar




Dependencies

Configuration
 hibernate.cfg.xml           Student s = (Student) session.createQuery(
 Annotations or XML             "from Student s where name=?").
                                setString(0, name).list().get(0);
Query
                      <!DOCTYPE hibernate-configuration PUBLIC                                    import javax.persistence.*;
                        "-//Hibernate/Hibernate Configuration DTD 3.0//EN"
                        "http://hibernate.sourceforge.net/hibernate-configuration-3.0.dtd">
                                                                                                 @Entity
                      <hibernate-configuration>
                        <session-factory>                                                        public class Student {
                           <property name="connection.url">jdbc:h2:mem:test</property>              @Id @GeneratedValue
                           <property name="connection.username">sa</property>                       private Long id;
                           <property name="connection.driver_class">org.h2.Driver</property>        @Column
                           <property name="dialect">org.hibernate.dialect.H2Dialect</property>
                           <property name="connection.password">sa</property>                       private String name;
                        </session-factory>                                                        }
                      </hibernate-configuration>
Next Generation: JaQu

POJO

   public class Student {
     // JaQu maps public fields; the queries below read s.name directly,
     // so the field cannot be private
     public String name;
     public void setName(String name) {
        this.name = name;
     }
     public String getName() {
        return name;
     }
   }

Query
- Typesafe
- Embedded DSL
- Fluent API
- Autocomplete

   Student s = new Student();
   s = db.from(s).where(s.name).
      is(name).selectFirst();

No String
- No SQL injection

   Student s = new Student();
   List<Student> students =
      db.from(s).where(s.name).
      is(name).select();

   Student s = new Student();
   s.name = "Robert";
   db.insert(s);




SQL Injection
10




SQL Injection
10




SQL Injection
10




SQL Injection
10




SQL Injection




                stat.execute("select * from " +
                "Students where name='" +
                name + "'");
10




SQL Injection




                stat.execute("select * from " +
                "Students where name='" +
                "Robert'; DROP TABLE Students--'");
                name + "'");
10




SQL Injection




 PreparedStatement prep =
 conn.prepareStatement(
 "select * from " +
 "Students where name=?");   stat.execute("select * from " +
 prep.setString(1, name);    "Students where name='" +
 prep.execute();             "Robert'; DROP TABLE Students--'");
                             name + "'");
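The two forms above run against a real database, as an added example that is not part of the slides: the concatenated query and its PreparedStatement replacement are executed against an H2 in-memory database (the author's own database, which the deck uses elsewhere) with the payload from the slide. The H2 jar on the classpath, the Students table layout and the two sample rows are assumptions of this example.

```java
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Statement;

/**
 * Added example (not from the slides): runs the concatenated query and its
 * PreparedStatement replacement against an H2 in-memory database so the
 * effect of the payload can be observed. Assumes h2*.jar is on the classpath;
 * the table and its two rows are constructed here.
 */
public class InjectionDemo {

    /** The payload from the slide (xkcd 327). */
    static final String PAYLOAD = "Robert'; DROP TABLE Students--";

    /** Opens a fresh private in-memory database with a small Students table. */
    static Connection open() throws SQLException {
        Connection conn = DriverManager.getConnection("jdbc:h2:mem:", "sa", "sa");
        Statement stat = conn.createStatement();
        stat.execute("CREATE TABLE Students(id INT PRIMARY KEY, name VARCHAR(255))");
        stat.execute("INSERT INTO Students VALUES(1, 'Robert'), (2, 'Alice')");
        stat.close();
        return conn;
    }

    /** Vulnerable form from the slide: the value becomes part of the SQL text. */
    static int countByNameConcat(Connection conn, String name) throws SQLException {
        Statement stat = conn.createStatement();
        // H2 accepts several ';'-separated statements in one execute() call,
        // so the DROP TABLE inside the payload runs right after the SELECT.
        stat.execute("select * from Students where name='" + name + "'");
        ResultSet rs = stat.getResultSet();
        int rows = 0;
        while (rs.next()) {
            rows++;
        }
        stat.close();
        return rows;
    }

    /** Hardened form: '?' is a placeholder, the value travels separately. */
    static int countByNamePrepared(Connection conn, String name) throws SQLException {
        PreparedStatement prep = conn.prepareStatement(
            "select * from Students where name=?");
        prep.setString(1, name);
        ResultSet rs = prep.executeQuery();
        int rows = 0;
        while (rs.next()) {
            rows++;
        }
        prep.close();
        return rows;
    }

    /** True while the Students table still exists (H2 stores the name upper-cased). */
    static boolean tableExists(Connection conn) throws SQLException {
        ResultSet rs = conn.getMetaData().getTables(null, null, "STUDENTS", null);
        boolean exists = rs.next();
        rs.close();
        return exists;
    }

    public static void main(String[] args) throws SQLException {
        Connection c1 = open();
        int hits = countByNameConcat(c1, PAYLOAD);
        System.out.println("concatenated: matching rows=" + hits
            + ", table still exists=" + tableExists(c1));
        c1.close();

        Connection c2 = open();
        hits = countByNamePrepared(c2, PAYLOAD);
        System.out.println("prepared: matching rows=" + hits
            + ", table still exists=" + tableExists(c2));
        c2.close();
    }
}
```

Run with `java -cp h2.jar:. InjectionDemo`: on the first connection the table is gone after the call, because H2 parsed and executed the DROP TABLE that the payload appended; on the second connection the whole payload is compared as an ordinary name, no row matches, and the table survives. Whether a driver executes a second statement from one call is driver-specific, but a payload that stays inside the WHERE clause (for instance `' OR 1=1--`) needs no second statement, so the concatenated form is wrong on every driver.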
SQL Injection

The same mistake in every API: the value is concatenated into the query text.

JDBC
   stat.execute("SELECT * " +
      "FROM USERS WHERE " +
      "PASSWORD='" + pwd + "'");

DbUtils
   run.query("SELECT * FROM Users WHERE " +
      "password='" + pwd + "'", h);

iBATIS
   <select id="getUser" ...>
      SELECT * FROM USERS WHERE PASSWORD='$pwd$'
   </select>
   ($pwd$ is text substitution; #pwd# would bind a parameter)

JPA
   Query q = em.createQuery("SELECT OBJECT(u) FROM User u " +
      "WHERE u.password='" + pwd + "'");

JDO
   Query q = pm.newQuery(User.class,
      "password == '" + pwd + "'");

JCR
   Query q = qm.createQuery("select * from nt:unstructured " +
      "where password='" + pwd + "'", Query.SQL);

JaQu (no query string, so nothing to inject into)
   User u = new User();
   db.from(u).
      where(u.password).
      is(pwd).
      select();
Images are Creative Commons licensed
Thomas Mueller                 Mountain Bike
                               http://www.flickr.com/photos/kgsbikes/3043775162
Software Engineer              Solex
                               http://www.e-solex.fr
http://www.h2database.com      Scooter
                               http://www.flickr.com/photos/janet/2844615758
http://www.day.com             Generic Car
http://jackrabbit.apache.org   http://www.flickr.com/photos/markscott/389221242
                               Generic Jeep
                               http://www.flickr.com/photos/markscott/389221372
                               Ford Focus
                               http://www.flickr.com/photos/stevecoulterperformancecars/2965383580
                               Smart
                               http://www.smart.com
                               xkcd Comic "Exploits of a Mom"
                               http://xkcd.com/327

                               http://ibatis.apache.org
                               http://commons.apache.org/dbutils
                               http://www.hibernate.org
                               http://www.datanucleus.org
                               http://openjpa.apache.org
                               http://www.eclipse.org/eclipselink
                               http://www.oracle.com/technology/products/ias/toplink
                               http://www.h2database.com/html/jaqu.html

Java Persistence Frameworks

  • 1. Java Persistence Frameworks: popular and next generation persistence frameworks. Thomas Müller, Day Software AG, Presentation 7780
  • 2. Agenda: Introduction; Persistence Frameworks (SQL(++), O/R Mapping, Next Generation); SQL Injection
  • 3. Introduction: Thomas Mueller, Software Engineer. http://www.h2database.com, http://www.day.com, http://jackrabbit.apache.org
  • 4. Persistence Frameworks (timeline)
    1990  SQL(++): ODBC
    1995  JDBC                     O/R mapping
    2000  iBATIS, DbUtils          Hibernate, JDO, JPA      next generation: LINQ
    2005                                                    JaQu, LIQUidFORM, ...
    2010                           JPA 2.0
  • 5. SQL(++)
    public class Student {
        private String name;
        public void setName(String name) { this.name = name; }
        public String getName() { return name; }
    }

    JDBC
    PreparedStatement prep = conn.prepareStatement(
        "select * from Student where name = ?");
    prep.setString(1, name);
    ResultSet rs = prep.executeQuery();
    rs.next();
    Student student = new Student();
    student.setName(rs.getString(1));

    iBATIS
    <sqlMap resource="com/mydomain/data/Student.xml"/>

    <sqlMap namespace="Student">
        <typeAlias alias="Student" type="com.mydomain.data.Student"/>
        <select id="selectStudent" resultClass="Student">
            select * from Student where name = #name#
        </select>
    </sqlMap>

    Student student = (Student) sqlMapper.queryForObject("selectStudent", name);

    DbUtils
    ResultSetHandler h = new BeanHandler(Student.class);
    Student s = (Student) run.query(conn,
        "select * from Student where name=?", h, new Object[]{name});
  • 6. O/R Mapping (Hibernate, JDO, JPA)
    Illusion
      - there is no database
      - still need configuration
    Auto-Save
      - objects are stateful
      - automatic dirty checking
    Auto-Navigation
      - in queries
      - get() loads referred object
      - collection support
  • 7. O/R Mapping
    JDO                      JPA                  Hibernate
    "technology agnostic"    RDBMS                RDBMS
    few implementations      many                 most popular
    Google AppEngine         Google AppEngine
  • 8. Hibernate
    Dependencies: hibernate3.jar, hibernate-annotations.jar, hibernate-commons-annotations.jar,
    commons-collections-3.1.jar, commons-logging-api-1.1.jar, commons-logging-1.1.jar,
    ejb3-persistence.jar, antlr-2.7.6.jar, dom4j-1.6.1.jar, javassist-3.4.GA.jar, jta-1.1.jar,
    slf4j-api-1.5.6.jar, slf4j-simple-1.5.6.jar

    Configuration (hibernate.cfg.xml)
    <!DOCTYPE hibernate-configuration PUBLIC
        "-//Hibernate/Hibernate Configuration DTD 3.0//EN"
        "http://hibernate.sourceforge.net/hibernate-configuration-3.0.dtd">
    <hibernate-configuration>
        <session-factory>
            <property name="connection.url">jdbc:h2:mem:test</property>
            <property name="connection.username">sa</property>
            <property name="connection.driver_class">org.h2.Driver</property>
            <property name="dialect">org.hibernate.dialect.H2Dialect</property>
            <property name="connection.password">sa</property>
        </session-factory>
    </hibernate-configuration>

    Annotations or XML
    import javax.persistence.*;

    @Entity
    public class Student {
        @Id @GeneratedValue
        private Long id;
        @Column
        private String name;
    }

    Query
    Student s = (Student) session.createQuery(
        "from Student s where name=?").
        setString(0, name).list().get(0);
  • 9. Next Generation: JaQu
    POJO
    public class Student {
        private String name;
        public void setName(String name) { this.name = name; }
        public String getName() { return name; }
    }

    Query
      - Typesafe
      - Embedded DSL
      - Fluent API
      - Autocomplete
    Student s = new Student();
    s = db.from(s).where(s.name).is(name).selectFirst();

    No String
      - No SQL injection
    Student s = new Student();
    List<Student> students = db.from(s).where(s.name).is(name).select();

    Student s = new Student();
    s.name = "Robert";
    db.insert(s);
  • 10. SQL Injection
    stat.execute("select * from " +
        "Students where name='" + name + "'");

    With name = "Robert'; DROP TABLE Students--" the concatenation yields
        select * from Students where name='Robert'; DROP TABLE Students--'
    and the closing quote of the original statement is commented out.

    Fix: bind the value instead of concatenating it
    PreparedStatement prep = conn.prepareStatement(
        "select * from " +
        "Students where name=?");
    prep.setString(1, name);
    prep.execute();
  • 11. SQL Injection
    JDBC
    stat.execute("SELECT * " +
        "FROM USERS WHERE " +
        "PASSWORD='" + pwd + "'");

    DbUtils
    run.query("SELECT * " +
        "FROM Users WHERE " +
        "password='" + pwd + "'");

    iBATIS
    <select id="getUser" ...>
        select * from Users where password = '$PASSWORD$'
    </select>

    JPA
    Query q = em.createQuery("SELECT OBJECT(u) FROM User u " +
        "WHERE u.password = '" + pwd + "'");

    JDO
    Query q = pm.newQuery(User.class,
        "password == '" + pwd + "'");

    JCR
    Query q = qm.createQuery("SELECT * FROM nt:unstructured " +
        "WHERE password = '" + pwd + "'", Query.SQL);

    JaQu
    User u = new User();
    db.from(u).where(u.password).is(pwd).select();
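The point of this slide is that every API listed, not only raw JDBC, is injectable the moment the password is spliced into query text; the iBATIS case is the subtle one, because `$PASSWORD$` is literal text substitution while the `#name#` used on slide 5 binds a parameter. The following is an added example, not code from the slides, that runs the concatenated password check beside its PreparedStatement form against an in-memory H2 database (the author's own database; it assumes h2.jar is on the classpath). The Users table, its two rows and the attacker input are constructed for the demonstration.

```java
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Statement;

// Added example (not from the slides): concatenated vs. bound password check.
// Assumes h2.jar on the classpath; the table contents below are constructed.
public class SqlInjectionDemo {

    // Vulnerable: the password is spliced into the SQL text, as in the JDBC
    // snippet on slide 11, so whatever the user types becomes part of the query.
    static int vulnerableLogin(Connection conn, String user, String pwd)
            throws SQLException {
        String sql = "SELECT * FROM Users WHERE name='" + user
                + "' AND password='" + pwd + "'";
        try (Statement stat = conn.createStatement();
             ResultSet rs = stat.executeQuery(sql)) {
            return countRows(rs);
        }
    }

    // Hardened: the SQL text is fixed and the password travels as a bound
    // value, so quotes and comment markers inside it stay data.
    static int safeLogin(Connection conn, String user, String pwd)
            throws SQLException {
        try (PreparedStatement prep = conn.prepareStatement(
                "SELECT * FROM Users WHERE name=? AND password=?")) {
            prep.setString(1, user);
            prep.setString(2, pwd);
            try (ResultSet rs = prep.executeQuery()) {
                return countRows(rs);
            }
        }
    }

    static int countRows(ResultSet rs) throws SQLException {
        int n = 0;
        while (rs.next()) {
            n++;
        }
        return n;
    }

    public static void main(String[] args) throws SQLException {
        try (Connection conn = DriverManager.getConnection(
                "jdbc:h2:mem:demo", "sa", "sa")) {
            try (Statement stat = conn.createStatement()) {
                // Constructed sample data for the demonstration.
                stat.execute("CREATE TABLE Users("
                        + "name VARCHAR(64), password VARCHAR(64))");
                stat.execute("INSERT INTO Users VALUES"
                        + "('alice', 's3cret'), ('bob', 'hunter2')");
            }
            // Constructed attacker input: the leading quote closes the password
            // literal, OR '1'='1' is true for every row, and the trailing --
            // comments out the original closing quote.
            String injected = "' OR '1'='1' --";

            System.out.println("vulnerable, right password: "
                    + vulnerableLogin(conn, "alice", "s3cret") + " row(s)");
            System.out.println("vulnerable, injected value: "
                    + vulnerableLogin(conn, "alice", injected) + " row(s)");
            System.out.println("prepared, right password:   "
                    + safeLogin(conn, "alice", "s3cret") + " row(s)");
            System.out.println("prepared, injected value:   "
                    + safeLogin(conn, "alice", injected) + " row(s)");
        }
    }
}
```

Run it with h2.jar on the classpath (for example `javac SqlInjectionDemo.java && java -cp .:h2.jar SqlInjectionDemo`). The concatenated query matches every row for the injected value because the clause degenerates to `(name='alice' AND password='') OR '1'='1'`, while the prepared statement compares the literal string and matches nothing. Unlike the `DROP TABLE` payload on slide 10, this tautology does not depend on the driver accepting several statements per call, which is why a failed stacked query is no evidence that concatenation is safe. The same binding exists in the other APIs on the slide: `#PASSWORD#` instead of `$PASSWORD$` in iBATIS, `Query.setParameter` in JPA, `Query.declareParameters` with the value passed to `execute` in JDO, and `Query.bindValue` in JCR 2.0; JaQu avoids query strings altogether.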