Java Persistence Frameworks
Popular and next generation persistence frameworks

Thomas Müller
Day Software AG
Presentation 7780
Agenda
• Introduction
• Persistence Frameworks
 - SQL(++)
 - O/R Mapping
 - Next Generation
• SQL Injection
Introduction

 Thomas Mueller
 Software Engineer

 http://www.h2database.com
 http://www.day.com
 http://jackrabbit.apache.org
Persistence Frameworks

[Timeline figure, 1990 to 2010, grouping the frameworks into three generations. SQL(++): ODBC, JDBC, iBATIS, DbUtils. O/R mapping: Hibernate, JDO, JPA, JPA 2.0. Next generation: LINQ, JaQu, Squill, LIQUidFORM and further labels that are not legible in this extraction.]
SQL(++)

   public class Student {
      private String name;
      public void setName(String name) {
         this.name = name;
      }
      public String getName() {
         return name;
      }
   }

JDBC

   // the name is a bound parameter (?), never part of the SQL text
   PreparedStatement prep =
      conn.prepareStatement(
      "select * from Student where name = ?");
   prep.setString(1, name);
   ResultSet rs = prep.executeQuery();
   rs.next();
   Student student = new Student();
   student.setName(rs.getString(1));

iBATIS

   <!-- in the sqlMapConfig: register the mapping file -->
   <sqlMap resource="com/mydomain/data/Student.xml"/>

   <!-- Student.xml: #name# is a bound parameter -->
   <sqlMap namespace="Student">
      <typeAlias alias="Student" type="com.mydomain.data.Student"/>
      <select id="selectStudent" resultClass="Student">
         select * from Student where name = #name#
      </select>
   </sqlMap>

   Student student = (Student) sqlMapper.
      queryForObject("selectStudent", name);

DbUtils

   // run is a QueryRunner; the BeanHandler maps the first row onto a Student
   ResultSetHandler h = new BeanHandler(Student.class);
   Student s = (Student) run.query(conn,
      "select * from Student where name=?",
      h, new Object[]{name});
O/R Mapping

Illusion
- there is no database
- still need configuration

Auto-Save
- objects are stateful
- automatic dirty checking

Auto-Navigation
- in queries
- get() loads referred object
- collection support

O/R Mapping

                         JDO                      JPA                  Hibernate
                         "technology agnostic"    RDBMS                RDBMS
                         few implementations      many                 most popular
                         Google AppEngine         Google AppEngine




Hibernate
8




Hibernate
Dependencies
               
   hibernate3.jar
               
   hibernate-annotations.jar
               
   hibernate-commons-annotations.jar
               
   commons-collections-3.1.jar
               
   commons-logging-api-1.1.jar
               
   commons-logging-1.1.jar
               
   ejb3-persistence.jar
               
   antlr-2.7.6.jar
               
   dom4j-1.6.1.jar
               
   javassist-3.4.GA.jar
               
   jta-1.1.jar
               
   slf4j-api-1.5.6.jar
               
   slf4j-simple-1.5.6.jar
8
                      <!DOCTYPE hibernate-configuration PUBLIC        
                                                                     
                                                                         hibernate3.jar
                                                                         hibernate-annotations.jar

                        "-//Hibernate/Hibernate Configuration DTD 3.0//EN"
                                                                     
   hibernate-commons-annotations.jar




Hibernate
                                                                     
   commons-collections-3.1.jar
                                                                     
   commons-logging-api-1.1.jar
                        "http://hibernate.sourceforge.net/hibernate-configuration-3.0.dtd">
                                                                     
                                                                     
                                                                         commons-logging-1.1.jar
                                                                         ejb3-persistence.jar

                      <hibernate-configuration>                       
                                                                     
                                                                     
                                                                         antlr-2.7.6.jar
                                                                         dom4j-1.6.1.jar
                                                                         javassist-3.4.GA.jar
                        <session-factory>                            
                                                                     
                                                                         jta-1.1.jar
                                                                         slf4j-api-1.5.6.jar

                           <property name="connection.url">jdbc:h2:mem:test</property>
                                                                     
   slf4j-simple-1.5.6.jar



                           <property name="connection.username">sa</property>
                           <property name="connection.driver_class">org.h2.Driver</property>
Dependencies               <property name="dialect">org.hibernate.dialect.H2Dialect</property>
                           <property name="connection.password">sa</property>
                        </session-factory>

Configuration         </hibernate-configuration>


 hibernate.cfg.xml
 Annotations or XML
                                    import javax.persistence.*;

                                    @Entity
                                    public class Student {
                                       @Id @GeneratedValue
                                       private Long id;
                                       @Column
                                       private String name;
                                     }
8
                                                                                                 
   hibernate3.jar
                                                                                                 
   hibernate-annotations.jar
                                                                                                 
   hibernate-commons-annotations.jar




Hibernate
                                                                                                 
   commons-collections-3.1.jar
                                                                                                 
   commons-logging-api-1.1.jar
                                                                                                 
   commons-logging-1.1.jar
                                                                                                 
   ejb3-persistence.jar
                                                                                                 
   antlr-2.7.6.jar
                                                                                                 
   dom4j-1.6.1.jar
                                                                                                 
   javassist-3.4.GA.jar
                                                                                                 
   jta-1.1.jar
                                                                                                 
   slf4j-api-1.5.6.jar
                                                                                                 
   slf4j-simple-1.5.6.jar




Dependencies

Configuration
 hibernate.cfg.xml           Student s = (Student) session.createQuery(
 Annotations or XML             "from Student s where name=?").
                                setString(0, name).list().get(0);
Query
                      <!DOCTYPE hibernate-configuration PUBLIC                                    import javax.persistence.*;
                        "-//Hibernate/Hibernate Configuration DTD 3.0//EN"
                        "http://hibernate.sourceforge.net/hibernate-configuration-3.0.dtd">
                                                                                                 @Entity
                      <hibernate-configuration>
                        <session-factory>                                                        public class Student {
                           <property name="connection.url">jdbc:h2:mem:test</property>              @Id @GeneratedValue
                           <property name="connection.username">sa</property>                       private Long id;
                           <property name="connection.driver_class">org.h2.Driver</property>        @Column
                           <property name="dialect">org.hibernate.dialect.H2Dialect</property>
                           <property name="connection.password">sa</property>                       private String name;
                        </session-factory>                                                        }
                      </hibernate-configuration>
Next Generation: JaQu

POJO
   public class Student {
      // JaQu reads and writes the field directly (s.name below), so it is public
      public String name;
      public void setName(String name) {
         this.name = name;
      }
      public String getName() {
         return name;
      }
   }

Query
- Typesafe
- Embedded DSL
- Fluent API
- Autocomplete

   Student s = new Student();
   s = db.from(s).where(s.name).is(name).selectFirst();

No String
- No SQL injection

   Student s = new Student();
   List<Student> students =
      db.from(s).where(s.name).is(name).select();

   Student s = new Student();
   s.name = "Robert";
   db.insert(s);
SQL Injection

   stat.execute("select * from " +
      "Students where name='" +
      name + "'");

With the name "Robert'; DROP TABLE Students--" (the xkcd "Exploits of a Mom" example) the concatenated statement becomes:

   stat.execute("select * from " +
      "Students where name='" +
      "Robert'; DROP TABLE Students--'");

With a PreparedStatement the name is a bound parameter and never becomes part of the SQL text:

   PreparedStatement prep =
      conn.prepareStatement(
      "select * from " +
      "Students where name=?");
   prep.setString(1, name);
   prep.execute();
SQL Injection

The same password lookup with pwd concatenated into the query string, API by API. The slide's overlapping code is only partly legible; what can be recovered:

JDBC
   stat.execute("SELECT * " +
      "FROM USERS WHERE " +
      "PASSWORD='" + pwd + "'");

DbUtils
   run.query(...) with the same "WHERE password='" + pwd + "'" concatenation

iBATIS
   <select id="getUser" ...>
      ... WHERE password='$pwd$'
   </select>
   ($pwd$ is textual substitution into the SQL, unlike the #name# parameter on the SQL(++) slide)

JPA
   em.createQuery(...) with "password='" + pwd + "'" concatenated into the JPQL string

JDO
   pm.newQuery(...) with pwd concatenated into the filter string

JCR
   createQuery(..., Query.SQL) with "password='" + pwd + "'" concatenated into the query

JaQu
   User u = new User();
   db.from(u).where(u.password).is(pwd).select();
Thomas Mueller
Software Engineer
http://www.h2database.com
http://www.day.com
http://jackrabbit.apache.org

Images are Creative Commons licensed
Mountain Bike: http://www.flickr.com/photos/kgsbikes/3043775162
Solex: http://www.e-solex.fr
Scooter: http://www.flickr.com/photos/janet/2844615758
Generic Car: http://www.flickr.com/photos/markscott/389221242
Generic Jeep: http://www.flickr.com/photos/markscott/389221372
Ford Focus: http://www.flickr.com/photos/stevecoulterperformancecars/2965383580
Smart: http://www.smart.com
xkcd Comic "Exploits of a Mom": http://xkcd.com/327

http://ibatis.apache.org
http://commons.apache.org/dbutils
http://www.hibernate.org
http://www.datanucleus.org
http://openjpa.apache.org
http://www.eclipse.org/eclipselink
http://www.oracle.com/technology/products/ias/toplink
http://www.h2database.com/html/jaqu.html

Java Persistence Frameworks

  • 7-11. 4 Persistence Frameworks (timeline 1990-2010, built up over five slides; the three families in the order they appear on the time axis)
    SQL(++): ODBC, JDBC, iBATIS, DbUtils
    O/R mapping: Hibernate, JDO, JPA, JPA 2.0
    Next generation: LINQ, JaQu (the remaining next-generation names overlap in the extracted text and are not legible)
  • 13-19. 5 SQL(++) (built up over seven slides)

    POJO:
        public class Student {
            private String name;
            public void setName(String name) { this.name = name; }
            public String getName() { return name; }
        }

    JDBC:
        PreparedStatement prep = conn.prepareStatement(
            "select * from Student where name = ?");
        prep.setString(1, name);
        ResultSet rs = prep.executeQuery();
        rs.next();
        Student student = new Student();
        student.setName(rs.getString("name"));

    iBATIS (sqlMapConfig entry, the Student.xml map, and the call):
        <sqlMap resource="com/mydomain/data/Student.xml"/>

        <sqlMap namespace="Student">
          <typeAlias alias="Student" type="com.mydomain.data.Student"/>
          <select id="selectStudent" resultClass="Student">
            select * from Student where name = #name#
          </select>
        </sqlMap>

        Student student = (Student) sqlMapper.
            queryForObject("selectStudent", name);

    DbUtils (the handler is declared as h and passed as h; the slide passed an undeclared handler):
        ResultSetHandler h = new BeanHandler(Student.class);
        Student s = (Student) run.query(conn,
            "select * from Student where name=?",
            h, new Object[]{name});
  • 21. 6 O/R Mapping (Hibernate, JDO, JPA)
    Illusion: there is no database; you still need configuration.
    Auto-Save: objects are stateful; automatic dirty checking.
    Auto-Navigation: in queries; get() loads the referred object; collection support.
  • 23-26. 7 O/R Mapping (comparison, built up over four slides)
    JDO: "technology agnostic"; few implementations; Google AppEngine
    JPA: RDBMS; many implementations; Google AppEngine
    Hibernate: RDBMS; most popular
  • 28-30. 8 Hibernate (built up over three slides)

    Dependencies:
        hibernate3.jar
        hibernate-annotations.jar
        hibernate-commons-annotations.jar
        commons-collections-3.1.jar
        commons-logging-api-1.1.jar
        commons-logging-1.1.jar
        ejb3-persistence.jar
        antlr-2.7.6.jar
        dom4j-1.6.1.jar
        javassist-3.4.GA.jar
        jta-1.1.jar
        slf4j-api-1.5.6.jar
        slf4j-simple-1.5.6.jar

    Configuration (hibernate.cfg.xml):
        <!DOCTYPE hibernate-configuration PUBLIC
          "-//Hibernate/Hibernate Configuration DTD 3.0//EN"
          "http://hibernate.sourceforge.net/hibernate-configuration-3.0.dtd">
        <hibernate-configuration>
          <session-factory>
            <property name="connection.url">jdbc:h2:mem:test</property>
            <property name="connection.username">sa</property>
            <property name="connection.driver_class">org.h2.Driver</property>
            <property name="dialect">org.hibernate.dialect.H2Dialect</property>
            <property name="connection.password">sa</property>
          </session-factory>
        </hibernate-configuration>

    Annotations or XML:
        import javax.persistence.*;

        @Entity
        public class Student {
            @Id @GeneratedValue
            private Long id;
            @Column
            private String name;
        }

    Query:
        Student s = (Student) session.createQuery(
            "from Student s where name=?").
            setString(0, name).list().get(0);
  • 32-34. 9 Next Generation: JaQu (built up over three slides)

    POJO:
        public class Student {
            private String name;
            public void setName(String name) { this.name = name; }
            public String getName() { return name; }
        }

    Query: typesafe, embedded DSL, fluent API, autocomplete
        Student s = new Student();
        s = db.from(s).where(s.name).is(name).selectFirst();

    No String: no SQL injection
        Student s = new Student();
        List<Student> students =
            db.from(s).where(s.name).is(name).select();

        Student s = new Student();
        s.name = "Robert";
        db.insert(s);
  • 39-41. 10 SQL Injection (built up over three slides)

    The user-supplied name is concatenated into the statement text:
        stat.execute("select * from " +
            "Students where name='" + name + "'");

    With name set to   Robert'; DROP TABLE Students--   the database receives:
        stat.execute("select * from " +
            "Students where name='" +
            "Robert'; DROP TABLE Students--'");

    Fix: bind the value as a parameter, so it is sent separately from the statement text and can never be parsed as SQL:
        PreparedStatement prep = conn.prepareStatement(
            "select * from " +
            "Students where name=?");
        prep.setString(1, name);
        prep.execute();
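Added example, not code from the slides or from JaQu: the three query styles of slides 9, 10 and 11 side by side (string concatenation, a bound parameter, and a builder that never puts a value into the statement text), run against a constructed Users table. Python's sqlite3 stands in for JDBC and H2 so the block runs offline; the table, rows, payloads and the Query class are all invented for this example, and Query is a hypothetical JaQu-like builder, not JaQu's API.

```python
import sqlite3

# Constructed sample table for this example; names and passwords are made up.
USERS = [("alice", "s3cret"), ("bob", "hunter2")]

# Constructed payloads: a tautology that bypasses the password check, and the
# stacked-statement payload from the slide, aimed at the Users table.
BYPASS = "' OR '1'='1"
STACKED = "Robert'; DROP TABLE Users--"


def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE Users (name TEXT, password TEXT)")
    conn.executemany("INSERT INTO Users VALUES (?, ?)", USERS)
    conn.commit()
    return conn


def login_concat(conn, pwd):
    """Slide 11 style: the value is spliced into the SQL text."""
    sql = "SELECT name FROM Users WHERE password='" + pwd + "'"
    return sorted(row[0] for row in conn.execute(sql))


def login_param(conn, pwd):
    """PreparedStatement style (the slide 10 fix): the value is a bind parameter."""
    sql = "SELECT name FROM Users WHERE password=?"
    return sorted(row[0] for row in conn.execute(sql, (pwd,)))


class Query:
    """Hypothetical JaQu-like builder (not JaQu's API). Conditions are kept as
    (column, value) pairs; the SQL text is generated from column names that
    come from code, and every value is emitted as a ? placeholder, so user
    input can never become part of the statement."""

    def __init__(self, table):
        self.table = table
        self.conds = []

    def where(self, column, value):
        self.conds.append((column, value))
        return self

    def to_sql(self):
        sql = "SELECT name FROM " + self.table
        if self.conds:
            sql += " WHERE " + " AND ".join(c + "=?" for c, _ in self.conds)
        return sql, [v for _, v in self.conds]

    def select(self, conn):
        sql, params = self.to_sql()
        return sorted(row[0] for row in conn.execute(sql, params))


def demo():
    conn = make_db()
    out = {
        "concat_bypass": login_concat(conn, BYPASS),   # every user comes back
        "param_bypass": login_param(conn, BYPASS),     # no user matches
        "builder_bypass": Query("Users").where("password", BYPASS).select(conn),
    }
    # sqlite3's execute() refuses a second statement, so the slide's DROP TABLE
    # payload is rejected here instead of dropping the table. That is a driver
    # property, not a defence: the tautology above already bypassed the check on
    # the same concatenated query, and a driver that allows multiple statements
    # (MySQL Connector/J with allowMultiQueries=true) runs the DROP.
    try:
        login_concat(conn, STACKED)
        out["stacked"] = "executed"
    except (sqlite3.ProgrammingError, sqlite3.Warning):
        out["stacked"] = "rejected by driver"
    out["users_table_intact"] = login_param(conn, "hunter2") == ["bob"]
    return out


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

The builder only binds values; column and table names still come from code, which is exactly what JaQu gets from the typed field reference in where(s.name). Letting a caller pass a column name from a request would reopen the hole on the identifier side, placeholders or not.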