You can configure pureQuery to allow a Java™ application to run only SQL statements
that you have approved, including SQL statements that are generated
at run time and contain literal values. By using pureQuery in this
way, you can prevent SQL injection attacks.
About this task
If you want to use the workbench, see Using the workbench to run restricted sets of SQL statements dynamically.
If you want to use a
command line, follow these steps:
Procedure
- Capture the SQL
statements that you want to be in the restricted set of statements.
- Optional: Edit the pureQueryXML files
that you create.
To follow the instructions for
this step, you must use the workbench for editing. If you attempt
to edit a pureQueryXML file outside of the workbench, you risk causing
subsequent operations that depend on that file to fail.
- Run your
application with the pureQueryXML file or files that you created.
If your application uses a single connection, data source,
or both, then it can use only one pureQueryXML file. If your application
uses multiple connections, data sources, or both, then it can use
one file per connection or data source.
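The effect of a restricted statement set, shown as an added Java example that is not pureQuery code and does not use its API: each statement has its literals replaced with parameter markers and is allowed only if the result is in the approved set. The class name, the regex-based normalization, and the sample statements are constructed assumptions for illustration.

```java
import java.util.Set;
import java.util.regex.Pattern;

public class ApprovedSqlDemo {
    // Crude literal matchers for this demo only; a real implementation parses SQL.
    private static final Pattern STRING_LITERAL = Pattern.compile("'(?:[^']|'')*'");
    private static final Pattern NUMBER_LITERAL = Pattern.compile("\\b\\d+(?:\\.\\d+)?\\b");

    // Constructed stand-in for the captured, approved statements.
    private static final Set<String> APPROVED = Set.of(
        "SELECT id FROM accounts WHERE owner = ?",
        "UPDATE accounts SET balance = ? WHERE id = ?");

    // Replace literal values with parameter markers and collapse whitespace,
    // so run-time statements that differ only in their literals compare equal.
    static String normalize(String sql) {
        String s = STRING_LITERAL.matcher(sql).replaceAll("?");
        s = NUMBER_LITERAL.matcher(s).replaceAll("?");
        return s.trim().replaceAll("\\s+", " ");
    }

    // A statement may run only if its normalized form was approved beforehand.
    static boolean isApproved(String sql) {
        return APPROVED.contains(normalize(sql));
    }

    public static void main(String[] args) {
        String[] samples = {
            // Approved shape, literal value differs at run time: allowed.
            "SELECT id FROM accounts WHERE owner = 'alice'",
            "UPDATE accounts SET balance = 125.50 WHERE id = 42",
            // Injected input changes the statement's shape: rejected.
            "SELECT id FROM accounts WHERE owner = '' OR '1'='1'",
            // Statement that was never captured: rejected.
            "DELETE FROM accounts"
        };
        for (String sql : samples) {
            System.out.printf("%-7s %s%n", isApproved(sql) ? "ALLOW" : "REJECT", sql);
        }
    }
}
```

The third sample normalizes to `owner = ? OR ?=?`, which matches no approved statement, so the changed structure is what causes the rejection rather than any inspection of the input values.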
What to do next
The following topics describe other pureQuery options
for capturing and running SQL statements.