• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 240
  • Last Modified:

ASP.NET: Does LINQ (EF) Prevent SQL Injection

Hello,

I am building my first web application; I'm using  ASP.NET 4, Entity Framework, and SQL Server 2008 database.

I'm trying to learn about securing the application against malicious input.

If I use Entity Data Sources to read / write data, does this automatically prevent SQL injection, or are there additional steps I need to take to make sure the data is clean?

Thanks!
0
JMS1965
Asked:
JMS1965
1 Solution
 
binaryevoCommented:
Sql Injection can be performed even if you are using entity framework.  This is a helpful article from Microsoft:  http://msdn.microsoft.com/en-us/library/cc716760.aspx
0
 
JMS1965Author Commented:
That's very helpful ... thank you so much!!
0

Featured Post

What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now