Just wondering if Entity Framework is set up to handle things like SQL injection out of the box?
In every tutorial I have seen, whether video, book or blog post, no one mentions security, and they seem to pass variables straight into the context with no checks etc...
Just wondering what people's thoughts were on this, and how do you handle this side of things?
Yes, Entity Framework does handle some security issues such as SQL injection attacks if you use the LINQ to Entities queries.
In the case of SQL injection, it does that through SQL query parameters. If you use Entity SQL commands there are possible vectors of attack just as if you used ADO.NET.
I am not sure about other possible security vulnerabilities but you can read more here on MSDN with some tips on making sure Entity Framework is secure.
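To make the distinction in the answer concrete, here is an added example (not from the original post or from the Entity Framework project) showing the three ways the same lookup can be written: a LINQ to Entities query, which the provider parameterises for you; a raw SQL string built by concatenation, which is the ADO.NET-style vector the answer warns about; and the parameterised raw SQL and Entity SQL forms. It assumes EF6 namespaces (`System.Data.Entity`, `System.Data.Entity.Core.Objects`) and a hypothetical `User` entity and `ShopContext` context, both constructed for the example; the Entity SQL container name `ShopContext` follows the Code First default of naming the container after the context class.

```csharp
using System;
using System.Data.Entity;                 // EF6 DbContext / DbSet (assumed version)
using System.Data.Entity.Core.Objects;    // ObjectParameter for Entity SQL
using System.Data.Entity.Infrastructure;  // IObjectContextAdapter
using System.Data.SqlClient;
using System.Linq;

// Hypothetical entity and context, constructed for this example.
public class User
{
    public int Id { get; set; }
    public string Name { get; set; }
}

public class ShopContext : DbContext
{
    public DbSet<User> Users { get; set; }
}

public static class UserQueries
{
    // 1. LINQ to Entities: `name` is translated into a DbParameter by the
    //    provider, so the caller-supplied value is never part of the SQL text.
    public static User FindByLinq(ShopContext db, string name)
    {
        return db.Users.SingleOrDefault(u => u.Name == name);
    }

    // 2. Raw SQL built by concatenation: the value is spliced into the statement
    //    itself, which is the same injection vector you would have with plain
    //    ADO.NET. Shown only as the pattern to avoid.
    public static User FindByConcatenation_Unsafe(ShopContext db, string name)
    {
        string sql = "SELECT * FROM Users WHERE Name = '" + name + "'";
        return db.Database.SqlQuery<User>(sql).SingleOrDefault();
    }

    // 3. Raw SQL done safely: EF6 turns each {n} placeholder into a parameter,
    //    so the value travels out-of-band and cannot alter the statement's shape.
    public static User FindByRawSqlPlaceholder(ShopContext db, string name)
    {
        return db.Database
                 .SqlQuery<User>("SELECT * FROM Users WHERE Name = {0}", name)
                 .SingleOrDefault();
    }

    //    Same thing with an explicit SqlParameter, for when you want to pin the
    //    parameter's type and size yourself.
    public static User FindByRawSqlExplicitParameter(ShopContext db, string name)
    {
        var p = new SqlParameter("@name", name);
        return db.Database
                 .SqlQuery<User>("SELECT * FROM Users WHERE Name = @name", p)
                 .SingleOrDefault();
    }

    // 4. Entity SQL: the same rule applies. Bind an ObjectParameter instead of
    //    concatenating the value into the query string.
    public static User FindByEntitySql(ShopContext db, string name)
    {
        var objectContext = ((IObjectContextAdapter)db).ObjectContext;
        var query = objectContext.CreateQuery<User>(
            "SELECT VALUE u FROM ShopContext.Users AS u WHERE u.Name = @name",
            new ObjectParameter("name", name));
        return query.SingleOrDefault();
    }
}
```

A quick way to check which category a query falls into is to set `db.Database.Log = Console.Write;` (EF6) before running it and look at the SQL that is emitted: the LINQ and parameterised forms show the lookup value as a parameter (for example `@p__linq__0` or `@p0`) listed separately from the statement, while the concatenated form shows it inline inside the quotes. Any query where user input appears inline in that log is one to rewrite.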