Running restricted sets of SQL statements dynamically

You can configure pureQuery to allow a Java application to run only SQL statements that you have approved, including SQL statements that are generated at run time and contain literal values. By using pureQuery in this way, you can prevent SQL injection attacks.

Before you begin

Ensure that your system meets the hardware and software requirements. See System requirements for Optim™ pureQuery Runtime.

About this task

If you want to use the workbench, see Using the workbench to run restricted sets of SQL statements dynamically.

If you want to use a command line, follow these steps:

Procedure

  1. Capture the SQL statements that you want to be in the restricted set of statements.
  2. Optional: Edit the pureQueryXML files that you create.
    To follow the instructions for this step, you must use the workbench for editing. If you attempt to edit a pureQueryXML file outside of the workbench, you risk causing subsequent operations that depend on that file to fail.
  3. Run your application with the pureQueryXML file or files that you created.
    If your application uses a single connection, data source, or both, then it can use only one pureQueryXML file. If your application uses multiple connections, data sources, or both, then it can use one file per connection or data source.
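
The following added example is a simplified model of the capture-then-restrict idea in the steps above, showing why a statement whose structure was changed by injected input is refused while approved statements with different literal values still run. It is not pureQuery code and does not use the pureQuery API; the class, the method names, and the literal-normalization rule are assumptions made for illustration.

```java
import java.util.HashSet;
import java.util.Set;
import java.util.regex.Pattern;

/** Conceptual model only: hypothetical names, not the pureQuery implementation. */
public class RestrictedSqlDemo {
    // Quoted string literals ('' is an escaped quote) and standalone numeric literals.
    private static final Pattern STRING_LIT = Pattern.compile("'(?:[^']|'')*'");
    private static final Pattern NUMBER_LIT = Pattern.compile("\\b\\d+(?:\\.\\d+)?\\b");

    private final Set<String> approved = new HashSet<>();

    /** Replace literals with parameter markers, then normalize whitespace and case. */
    static String normalize(String sql) {
        String s = STRING_LIT.matcher(sql).replaceAll("?");
        s = NUMBER_LIT.matcher(s).replaceAll("?");
        return s.trim().replaceAll("\\s+", " ").toUpperCase();
    }

    /** Capture phase: record the shape of a statement that is approved to run. */
    void capture(String sql) { approved.add(normalize(sql)); }

    /** Restricted phase: a statement runs only if its shape was captured. */
    boolean isAllowed(String sql) { return approved.contains(normalize(sql)); }

    public static void main(String[] args) {
        RestrictedSqlDemo gate = new RestrictedSqlDemo();
        gate.capture("SELECT name FROM emp WHERE id = 10");
        gate.capture("SELECT name FROM emp WHERE dept = 'A01'");

        // Constructed sample statements, as an application might build them at run time.
        String[] runtime = {
            "SELECT name FROM emp WHERE id = 42",               // same shape, new literal
            "SELECT name FROM emp WHERE dept = 'O''Brien'",     // escaped quote stays one literal
            "SELECT name FROM emp WHERE dept = '' OR '1'='1'",  // injected predicate changes the shape
            "SELECT name FROM emp WHERE id = 42; DROP TABLE emp" // appended statement changes the shape
        };
        for (String sql : runtime) {
            System.out.println((gate.isAllowed(sql) ? "ALLOW  " : "REJECT ") + sql);
        }
    }
}
```

The allow decision depends only on the statement's shape after literals are replaced, so input that stays inside a literal is accepted and input that adds predicates or statements is not.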

What to do next

The following topics describe other pureQuery options for capturing and running SQL statements.

