Open in app

Sign in

Write

Sign in

ORM Essentials: From Concept to Implementation in Your Project

CHAIRI Chaimae
4 min readFeb 9, 2024

--

The rise of Object-Oriented Programming (OOP) sparked interest in Object databases. However, the entrenched dominance of relational databases poses integration challenges due to existing system structures. Therefore, the idea of combining the advantages of the relational databases and OOP paradigm becomes apparent. To address this, the concept of Object-Relational Mapping (ORM) was introduced to facilitate a more cohesive and efficient development process.

In the upcoming lines you will:

  • Understand what ORM is and how it work
  • Discover a practical example in java.
  • Identify the benifit of usign ORM
  • Unravel ORM Injection

ORM overview

The Object-Relational Mapping acts as a translator between the structured world of relational databases such as SQL databases and the flexibility of object-oriented programming languages like Java, C# or Python.

Essentially, ORM allows you to work with database data using objects and classes instead of raw SQL queries. In other words, when using Object-Relational Mapping (ORM) in Java (or any other object-oriented language), the database columns are mapped to attributes in your Java class stored in memory.

farukgenc.com

ORM Work Process

Mapping Columns to Attributes:

Let’s consider a database table called users with columns: id, name, email, and role. In your Java class named for example User, you define corresponding attributes:

public class User {
    private Long id;
    private String name;
    private String email;
    private String role;

    // Getters and setters...
}
  • When you retrieve data from the database, ORM frameworks (like Hibernate) automatically populate these attributes based on the column values.
  • For example, if you fetch a row from the users table, the ORM framework assigns the id, name, email, and role values to the corresponding attributes in your User object.

Let’s explore how Object-Relational Mapping (ORM) works in Java. We’ll use Hibernate as an example.

Hibernate is a popular Java-based framework that falls under the category of Object-Relational Mapping (ORM) tools. The primary purpose of Hibernate is to simplify the interaction between Java applications and relational databases by providing a framework for mapping Java objects to database tables and vice versa.

Hibernate as a ORM tool for JAVA @TestingDocs

Setting Up Hibernate:

First, ensure you have Java and Maven installed. Then create a new Maven project or add Hibernate as a dependency to your existing project’s pom.xml:

<dependencies>
    <dependency>
        <groupId>org.hibernate</groupId>
        <artifactId>hibernate-core</artifactId>
        <version>5.5.7.Final</version>
    </dependency>
</dependencies>

Defining Your Entity:

In Hibernate, an entity corresponds to a database table. Create a Java class representing your User entity:

import javax.persistence.*;

@Entity
@Table(name = "users")
public class User {
    @Id
    @GeneratedValue(strategy = GenerationType.IDENTITY)
    private Long id;

    private String name;
    private String email;
    private String role;

    // Getters and setters...

Configuring Hibernate:

  • Set up Hibernate configuration (usually in hibernate.cfg.xml or application.properties). Specify your database connection details:
<hibernate-configuration>
    <session-factory>
        <!-- Database connection settings -->
        <property name="hibernate.connection.driver_class">com.mysql.cj.jdbc.Driver</property>
        <property name="hibernate.connection.url">jdbc:mysql://localhost:3306/mydb</property>
        <property name="hibernate.connection.username">your_username</property>
        <property name="hibernate.connection.password">your_password</property>

        <!-- Other Hibernate properties... -->
    </session-factory>
</hibernate-configuration>

Using Hibernate:

  • Create a session factory and open a session:
SessionFactory sessionFactory = new Configuration().configure().buildSessionFactory();
Session session = sessionFactory.openSession();

Perform CRUD operations:

// Fetch all users
List<User> allUsers = session.createQuery("FROM User", User.class).getResultList();
// Insert a new user
User newUser = new User();
newUser.setName("Chaimae");
newUser.setEmail("chaimae@example.com");
newUser.setRole("admin");
session.save(newUser);
// Commit the transaction
session.getTransaction().commit();

How Hibernate Works Behind the Scenes?

When you query User, Hibernate translates it to SQL like:

SELECT * FROM users;

When you save a new user, Hibernate generates an INSERT statement. It handles the mapping between Java objects and database rows.

Benefits of Hibernate (ORM):

  • Abstraction: Works with Java objects instead of raw SQL.
  • Portability: Easily switch databases. For instance, from MySQL to PostgreSQL.
  • Security: Helps prevent SQL injection.
  • Relationships: Handles complex associations like one-to-many and many-to-many.

ORM Benefit

  • Abstraction: ORM abstracts away the low-level details of database interactions which makes your code cleaner and more maintainable.
  • Productivity: It simplifies database operations which allows you to focus on your application’s logic.
  • Portability: You can switch between different database systems such as MySQL, PostgreSQL and SQLite without rewriting your code.

Essential ORM Knowledge

  • Choose an ORM Framework: Start by selecting an ORM framework that aligns with your programming language: Hibernate for Java, SQLAlchemy for Python, Entity Framework for .NET).
  • Mapping: Understand how to map your classes/objects to database tables. It’s is recommended to learn about annotations, attributes, or configuration files used for this purpose.
  • CRUD Operations: Learn how to perform Create, Read, Update, and Delete operations using ORM.
  • Relationships: Explore how to handle relationships between objects.
  • Performance Considerations: Understand the impact of ORM on performance and learn optimization techniques.

Object Relational Mapping (ORM) Injection

This is a type of attack that targets the ORM-generated data access object model. From a tester’s perspective, it’s virtually identical to a SQL Injection attack. The key difference is that the vulnerability exists in the code produced by the ORM layer itself.

  • How ORM Layers Can Be Vulnerable?

ORM layers present vulnerability risks by expanding the attack surface of an application. If unsanitized input parameters are accepted by ORM-generated object methods, the application becomes susceptible to exploitation. Attackers exploit weaknesses in the ORM layer rather than targeting the application directly, using it to inject malicious SQL queries.

  • Testing for ORM Injection:

When testing for ORM injection, it is essential to identify the specific ORM layer in use and understand its parser functionality. The assessment should focus on potential weaknesses in the ORM implementation, especially instances where validation and sanitization are inadequately handled by the ORM layer. Examining these aspects helps in uncovering and mitigating security risks associated with ORM vulnerabilities.

Stay vigilant! 🛡️

ORM is powerful, but it’s essential to grasp its concepts thoroughly to use it effectively in your projects. Happy learning!

Java
Hibernate
Oop
Orm
Relational Databases

--

--

CHAIRI Chaimae
CHAIRI Chaimae

Written by CHAIRI Chaimae

18 Followers
41 Following

This space's to document my learning and track my progress. Hope it helps someone somewhere. You're welcomed!

No responses yet

Help

Status

About

Careers

Press

Blog

Privacy

Terms

Text to speech

Teams