


how does aem prevents sql injection?
Solved! Go to Solution.
Views
Replies
Sign in to like this content
Total Likes
You should be fine, using JCR_SQL2 is read only which means that you can only use the "SELECT" keyword.
@shikhasoni1 Please refer to below Community URL to get understanding of AEM Security Best Practices:
refer this for the techniques to prevent sql injections - https://labs.tadigital.com/index.php/2018/11/05/sql-injections-overview-and-prevention-techniques/
Please note that JCR SQL injections != RDBMS SQL injections. SQL in JCR is strictly read-only. As far as it is possible to manipulate a query the only risk is information leakage. No data can be manipulated as is the case with RDBMSes.
.
You should be fine, using JCR_SQL2 is read only which means that you can only use the "SELECT" keyword.