0
votes

I am experimenting with objectify and GAE (Java, standard environment) to store some data in Google's datastore. When not using objectify prepared queries are mentioned in the docs in order to save and retrieve data from the datastore. See: GAE docs

Are there any vulnerabilities similar to SQL injection when using Objectify like this:

List<Car> cars = ofy().load().type(Car.class).filter("year >", 1999).list();

Or like this:

ofy().save().entity(thing1).now();
Thing th = ofy().load().key(thingKey).now();

Thanks in advance

1

1 Answers

2
votes

No, there's no equivalent of SQL injection because there is no query language.