Is it possible to perform a SQL Injection on a application that uses Entity Framework?

c# entity-framework entity-framework-6 sql-injection

Question

Is Enterprise Framework hackable?

Is it possible to perform a SQL Injection on a application that uses EF?

If so, can someone kindly provide a detailed example of how it may be accomplished? Nothing particular to EF in C# that I could locate.

1
0
7/22/2018 3:48:24 PM

Accepted Answer

ZZZ_tmp
2
7/22/2018 4:47:56 PM

Popular Answer

Depending on how it is used. Yes, LINQ uses SQL parameters to transmit all data to the database, making it secure against SQL INJECTION. Traditional SQL injection techniques cannot be used against LINQ queries because they are not created via text manipulation or concatenation.



Related Questions





Related

Licensed under: CC-BY-SA with attribution
Not affiliated with Stack Overflow
Licensed under: CC-BY-SA with attribution
Not affiliated with Stack Overflow