Hacker News
by
jdlshore
1647 days ago
The proper solution to SQL injection is parameterized queries, not input sanitization, to my knowledge.
1 comments
drunkpotato
1647 days ago
The irony here is that if you use the log4j equivalent of parameterized queries, parameterized logging strings, you're still vulnerable to this CVE, even if you did everything right.
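The contrast drawn in the two comments above, as an added example that is not part of the thread and is not Log4j's code: a bound SQL parameter is never parsed as SQL, while a logger that resolves lookups over the already formatted message still interprets parameter text. `toy_log`, the `${env:...}` syntax handling, `ENV` and all sample values are constructed assumptions used only to model that behaviour.

```python
import re
import sqlite3

# Constructed sample inputs and a constructed stand-in for the process environment.
SQL_INPUT = "x' OR '1'='1"
LOG_INPUT = "${env:DEMO_SECRET}"
ENV = {"DEMO_SECRET": "s3cr3t"}
LOOKUP = re.compile(r"\$\{env:(\w+)\}")

def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT)")
    conn.executemany("INSERT INTO users VALUES (?)", [("alice",), ("bob",)])
    return conn

def find_user_concat(conn, name):
    # Vulnerable on purpose: the value is spliced into the SQL text and parsed as SQL.
    return conn.execute(f"SELECT name FROM users WHERE name = '{name}'").fetchall()

def find_user_param(conn, name):
    # Bound parameter: the value travels separately from the statement text.
    return conn.execute("SELECT name FROM users WHERE name = ?", (name,)).fetchall()

def toy_log(template, *args, lookups_on_message=True):
    """Hypothetical, simplified logger model: fill {} placeholders, then
    optionally resolve ${env:NAME} lookups over the finished message."""
    message = template
    for arg in args:
        message = message.replace("{}", str(arg), 1)
    if lookups_on_message:
        # The parameter is already merged into the message, so it is scanned too.
        message = LOOKUP.sub(lambda m: ENV.get(m.group(1), ""), message)
    return message

if __name__ == "__main__":
    conn = make_db()
    print("concatenated :", find_user_concat(conn, SQL_INPUT))
    print("parameterized:", find_user_param(conn, SQL_INPUT))
    print("lookups on   :", toy_log("login failed for {}", LOG_INPUT))
    print("lookups off  :", toy_log("login failed for {}", LOG_INPUT,
                                    lookups_on_message=False))
```

Passing `lookups_on_message=False` models a logger that treats the formatted message as inert data, which is the property parameterized queries give SQL.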