Devson

Reputation: 31

Possibilities of SQL Injection with EFCTP and .net mvc

Just want to know from experts: is there any inbuilt security for SQL injection in Entity Framework or .NET MVC?

Thanks

Upvotes: 1

Views: 123

Answers (1)

BrokenGlass

Reputation: 160862

It is only built in if you use it. Entity Framework provides strongly typed entity classes - if you only use LINQ to Entities you will be protected against SQL injection attacks; the same is true, though, if you use parametrized SQL with SQL Server directly.

Having said that, you can still shoot yourself in the foot if you use EF store queries - this can be plain old SQL - so make sure you use SqlParameter here.

Upvotes: 1
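
The three cases the answer distinguishes, side by side, as an added example that is not part of the original answer. It assumes the EF `DbContext` API (`DbSet<T>.SqlQuery`), a hypothetical `Customer` model and `ShopContext`, and a SQL Server instance that EF can reach by its default connection convention.

```csharp
using System;
using System.Data.Entity;      // EntityFramework package (DbContext API)
using System.Data.SqlClient;
using System.Linq;

// Hypothetical model and context, used only for this example.
public class Customer { public int Id { get; set; } public string Name { get; set; } }
public class ShopContext : DbContext { public DbSet<Customer> Customers { get; set; } }

public static class CustomerQueries
{
    // LINQ to Entities: EF generates the SQL and sends 'name' as a parameter.
    public static Customer[] ByNameLinq(ShopContext db, string name)
    {
        return db.Customers.Where(c => c.Name == name).ToArray();
    }

    // Store query built by concatenation: 'name' becomes part of the SQL text,
    // so a quote in the input changes the statement. Shown as the pattern to avoid.
    public static Customer[] ByNameConcatenated(ShopContext db, string name)
    {
        string sql = "SELECT Id, Name FROM Customers WHERE Name = '" + name + "'";
        return db.Customers.SqlQuery(sql).ToArray();
    }

    // Store query with SqlParameter: constant SQL text, value sent separately.
    public static Customer[] ByNameParameterized(ShopContext db, string name)
    {
        const string sql = "SELECT Id, Name FROM Customers WHERE Name = @name";
        return db.Customers.SqlQuery(sql, new SqlParameter("@name", name)).ToArray();
    }
}

public static class Program
{
    public static void Main()
    {
        string input = "O'Brien"; // constructed sample input containing a quote
        using (var db = new ShopContext())
        {
            Console.WriteLine(CustomerQueries.ByNameLinq(db, input).Length);
            Console.WriteLine(CustomerQueries.ByNameParameterized(db, input).Length);
        }
    }
}
```

With the constructed input `O'Brien`, the concatenated version produces a malformed statement, while the LINQ and `SqlParameter` versions treat the whole string as a value.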
