How does AEM prevent SQL injection?
You should be fine; JCR_SQL2 is read-only, which means that you can only use the "SELECT" keyword.
@shikhasoni1 Please refer to the Community URL below to get an understanding of AEM Security Best Practices:
Refer to this for the techniques to prevent SQL injections: https://labs.tadigital.com/index.php/2018/11/05/sql-injections-overview-and-prevention-techniques/
Please note that JCR SQL injections != RDBMS SQL injections. SQL in JCR is strictly read-only. As far as it is possible to manipulate a query, the only risk is information leakage. No data can be manipulated as is the case with RDBMSes.
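An added example, not part of the thread and not Adobe's code: the information-leakage risk described above comes from building a JCR-SQL2 statement by string concatenation, and the standard `javax.jcr.query` API avoids it with bind variables. The class name, the `/content/example` path and the choice of `jcr:title` as the searched property are assumptions for illustration.

```java
import javax.jcr.NodeIterator;
import javax.jcr.RepositoryException;
import javax.jcr.Session;
import javax.jcr.query.Query;
import javax.jcr.query.QueryManager;

/** Hypothetical helper: look up pages by title with JCR-SQL2. */
public final class PageTitleSearch {

    // Fixed statement text. $title is a JCR-SQL2 bind variable, so the
    // user-supplied value is never parsed as part of the query.
    // '/content/example' is a placeholder path.
    private static final String STMT =
            "SELECT * FROM [cq:PageContent] AS c "
          + "WHERE ISDESCENDANTNODE(c, '/content/example') "
          + "AND c.[jcr:title] = $title";

    private PageTitleSearch() { }

    // Before: user input concatenated into the statement. Input containing
    // a quote character changes the structure of the query, so the caller
    // can widen what the SELECT reads (information leakage).
    static NodeIterator findByTitleUnsafe(Session session, String userInput)
            throws RepositoryException {
        String stmt = "SELECT * FROM [cq:PageContent] AS c "
                + "WHERE ISDESCENDANTNODE(c, '/content/example') "
                + "AND c.[jcr:title] = '" + userInput + "'";
        QueryManager qm = session.getWorkspace().getQueryManager();
        return qm.createQuery(stmt, Query.JCR_SQL2).execute().getNodes();
    }

    // After: the same lookup with the value bound, plus a result cap so a
    // broad match cannot return an unbounded result set.
    static NodeIterator findByTitle(Session session, String userInput)
            throws RepositoryException {
        QueryManager qm = session.getWorkspace().getQueryManager();
        Query query = qm.createQuery(STMT, Query.JCR_SQL2);
        query.bindValue("title",
                session.getValueFactory().createValue(userInput));
        query.setLimit(50);
        return query.execute().getNodes();
    }
}
```

Query results are filtered by the read permissions of the `Session` that runs them, so executing the query with the requesting user's session rather than an administrative one limits what any query can return.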
Hi
How can we prevent blind XPath injection for an AEM page?
Thanks