What you may need to know about useBindVarsForViewCriteriaLiterals in adf-config.xml
The 11.1.2 release introduced a new flag, useBindVarsForViewCriteriaLiterals, in your application's adf-config.xml.
<?xml version="1.0" encoding="US-ASCII" ?>
<adf-config .... >
  <adf-adfm-config xmlns="http://xmlns.oracle.com/adfm/config">
    <defaults useBindVarsForViewCriteriaLiterals="true"/>
    ...
  </adf-adfm-config>
  ...
The idea is to force the runtime to generate temporary bind variables instead of using literal values directly when it generates the WHERE clause for a ViewCriteria. The configuration shown above is set at the application level and results in ViewCriteria::setUseBindVarsForLiterals(true) for all ViewCriteria instances.
- This helps improve query execution performance, because the SQL statements can be cached
- It reduces or avoids the chance of SQL injection
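
The difference between the two modes, as an added example that is not from the original post and is not ADF code: a simplified Python model of WHERE-clause generation, run against an in-memory SQLite table. The function names, the `vc_temp_N` bind names and the sample rows are constructed for illustration.

```python
import sqlite3

def build_where(criteria, use_bind_vars):
    """Toy stand-in for ViewCriteria WHERE generation (assumed model, not ADF).

    criteria: list of (column, value) pairs, ANDed together. Column names are
    developer-defined; only the values are treated as runtime data.
    Returns (where_sql, bind_values).
    """
    clauses, binds = [], {}
    for i, (column, value) in enumerate(criteria):
        if use_bind_vars:
            name = f"vc_temp_{i}"  # temporary bind variable (made-up naming)
            clauses.append(f"{column} = :{name}")
            binds[name] = value    # value travels separately from the SQL text
        else:
            clauses.append(f"{column} = '{value}'")  # literal becomes SQL text
    return " AND ".join(clauses), binds

def run(conn, criteria, use_bind_vars):
    where, binds = build_where(criteria, use_bind_vars)
    sql = f"SELECT last_name FROM employees WHERE {where}"
    return sql, [row[0] for row in conn.execute(sql, binds).fetchall()]

def demo():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE employees (last_name TEXT)")
    conn.executemany("INSERT INTO employees VALUES (?)",
                     [("King",), ("Smith",), ("O'Brien",)])  # constructed rows
    result = {"bind_sql": set(), "bind_rows": [],
              "literal_sql": set(), "literal_errors": []}
    for value in ["King", "Smith", "O'Brien"]:
        # Bind mode: one statement text for every value, so it can be cached.
        sql, rows = run(conn, [("last_name", value)], use_bind_vars=True)
        result["bind_sql"].add(sql)
        result["bind_rows"].append(rows)
        # Literal mode: a new statement text per value; a quote in the value
        # changes the structure of the statement itself.
        try:
            sql, _ = run(conn, [("last_name", value)], use_bind_vars=False)
            result["literal_sql"].add(sql)
        except sqlite3.OperationalError:
            result["literal_errors"].append(value)
    return result

if __name__ == "__main__":
    print(demo())
```
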
Hi Jobinesh,
I have a small question. We use literals for static values; if the framework uses bind vars for that, then what is the point? Anyway, we can't change the literals at runtime, and can we assign different values for the bind vars? Thanks.
Hi Jobinesh,
Talking about SQL injection, is there a way to avoid that in ADF?
I haven't seen ADF developers addressing that issue (attacks, XSS, injection, etc.).
Thank you.