Expand my Community achievements bar.

SOLVED

how does aem prevents sql injection?

Avatar

Level 4

how does aem prevents sql injection?

1 Accepted Solution

Avatar

Correct answer by
Community Advisor

You should be fine, using JCR_SQL2 is read only which means that you can only use the "SELECT" keyword.

0 Replies

Avatar

Community Advisor

Please note that JCR SQL injections != RDBMS SQL injections. SQL in JCR is strictly read-only. As far as it is possible to manipulate a query the only risk is information leakage. No data can be manipulated as is the case with RDBMSes.

 

Avatar

Correct answer by
Community Advisor

You should be fine, using JCR_SQL2 is read only which means that you can only use the "SELECT" keyword.

Avatar

Level 2

Hi 

How can we prevent blind XPath injection for an AEM page??

 

Thanks

 

page footer