4

I'm trying to make a secure login that prevents SQL injection, using the OWASP specification for hashing. For the other parts of my application I'm thinking of using JPA, but I don't know if it's good practice to use a hybrid, or whether I should just stick to using DAO for all of the data layer and keep it consistent?

I'd also like to know if using both JPA and DAO causes compatibility problems at runtime?

Thanks

Alvin Baena

3 Answers

2

This is an answer on a discussion about whether it makes sense to use a DAO layer when working with JPA.

How should EntityManager be used in a nicely decoupled service layer and data access layer?

I think the same applies to any data access logic (e.g. login).

Community
  • So I should use the DAO only for the authentication, and JPA for the rest, as it's much easier for me to use custom queries. – Alvin Baena Oct 23 '11 at 15:27
  • As mentioned in the post above, if your data access logic only involves calling CRUD methods of the EntityManager, I think it is fine not to include a DAO, which in this case would be just a wrapper of the EntityManager without adding any value. – Gonzalo Garcia Lasurtegui Oct 23 '11 at 15:33
  • Ok, I get it now, and you're right, I should only stick to JPA. Thanks for clarifying. – Alvin Baena Oct 23 '11 at 15:43
1

The best way is to use DAO for the secure login hashing. For the rest of your application you can use JPA. In my project I am using Hibernate instead of JPA.

0

Your DAO ought to be interface-based, which means that the implementation is a choice that you can modify at will by plugging in a new implementation. Clients should only know about the DAO interface.

If this is correct, then I don't understand your question. Your DAO is the interface; JPA will be one implementation you choose among many. It's not either/or; it's interface/implementation.

duffymo
  • 1
    Well, you made something I had clear, 'clearer', because I was going to use interfaces to expose the service, but I thought DAO was the implementation and not the pattern. – Alvin Baena Oct 23 '11 at 17:10
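
The interface/implementation split described in the last answer, applied to the login lookup from the question, as an added example that is not code from the original thread. All class, field and method names (`UserAccount`, `UserDao`, `JpaUserDao`, `LoginService`) are hypothetical, PBKDF2 is an assumed choice of hash since the thread does not name one, and it assumes JPA 2.x (`javax.persistence`) on Java 8 or later.

```java
// Added example; every class, field and method name here is hypothetical.
import java.security.MessageDigest;
import java.util.List;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;
import javax.persistence.*;

@Entity
class UserAccount {
    @Id String username;
    byte[] salt;          // random per-user salt, stored next to the hash
    byte[] passwordHash;  // PBKDF2 output, never the plain password
    int iterations;       // work factor used when the hash was created
    protected UserAccount() {} // no-arg constructor required by JPA
}

// Clients depend only on this interface, not on JPA.
interface UserDao {
    UserAccount findByUsername(String username); // null when no such user
}

// One implementation among many: JPA with a bound named parameter.
class JpaUserDao implements UserDao {
    private final EntityManager em;
    JpaUserDao(EntityManager em) { this.em = em; }

    public UserAccount findByUsername(String username) {
        // :name is bound by the provider and never concatenated into the
        // JPQL string, so input cannot change the structure of the query.
        List<UserAccount> hits = em.createQuery(
                "SELECT u FROM UserAccount u WHERE u.username = :name", UserAccount.class)
            .setParameter("name", username)
            .getResultList();
        return hits.isEmpty() ? null : hits.get(0);
    }
}

class LoginService {
    private final UserDao users;
    LoginService(UserDao users) { this.users = users; }

    boolean authenticate(String username, char[] password) throws Exception {
        UserAccount u = users.findByUsername(username);
        if (u == null) return false;
        PBEKeySpec spec = new PBEKeySpec(password, u.salt, u.iterations, u.passwordHash.length * 8);
        byte[] candidate = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256")
            .generateSecret(spec).getEncoded();
        spec.clearPassword();
        // Constant-time comparison of the recomputed and stored hashes.
        return MessageDigest.isEqual(candidate, u.passwordHash);
    }
}
```

Because `LoginService` only sees `UserDao`, the JPA implementation can be replaced (for example by a JDBC `PreparedStatement` version) without touching the authentication code.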