
SOLVED

How does AEM prevent SQL injection?


Level 4

How does AEM prevent SQL injection?

1 Accepted Solution


Correct answer by
Community Advisor

You should be fine. JCR_SQL2 is read-only, which means that you can only use the "SELECT" keyword.


6 Replies


Community Advisor

Please note that JCR SQL injections != RDBMS SQL injections. SQL in JCR is strictly read-only. As far as it is possible to manipulate a query, the only risk is information leakage. No data can be manipulated, as is the case with RDBMSes.

 



Arun Patidar
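
The information-leakage risk described above arises when user input is concatenated into the JCR-SQL2 statement. As an added example (not code from this thread or from Adobe), the sketch below puts a concatenated query next to one that uses a JCR 2.0 bind variable. The class name, search root, property and result limit are assumptions made for illustration.

```java
import javax.jcr.RepositoryException;
import javax.jcr.Session;
import javax.jcr.Value;
import javax.jcr.query.Query;
import javax.jcr.query.QueryManager;
import javax.jcr.query.QueryResult;

/** Hypothetical helper: finds page content nodes by title under a fixed root. */
public final class PageTitleSearch {

    // Assumed search root; a constant, never taken from the request.
    private static final String ROOT = "/content/example-site";

    // Weak form: the title becomes part of the statement text, so input that
    // contains a quote can alter the WHERE clause and widen what is returned.
    static QueryResult findByTitleConcatenated(Session session, String title)
            throws RepositoryException {
        String stmt = "SELECT * FROM [cq:PageContent] AS c "
                + "WHERE ISDESCENDANTNODE(c, '" + ROOT + "') "
                + "AND c.[jcr:title] = '" + title + "'";
        return session.getWorkspace().getQueryManager()
                .createQuery(stmt, Query.JCR_SQL2).execute();
    }

    // Hardened form: the statement is a fixed string and the title is passed
    // as a bound value, so it is only ever compared as data.
    static QueryResult findByTitleBound(Session session, String title)
            throws RepositoryException {
        String stmt = "SELECT * FROM [cq:PageContent] AS c "
                + "WHERE ISDESCENDANTNODE(c, '" + ROOT + "') "
                + "AND c.[jcr:title] = $title";
        QueryManager qm = session.getWorkspace().getQueryManager();
        Query query = qm.createQuery(stmt, Query.JCR_SQL2);
        Value bound = session.getValueFactory().createValue(title);
        query.bindValue("title", bound);
        query.setLimit(100); // assumed cap on the number of rows returned
        return query.execute();
    }
}
```

Query results are filtered by the read permissions of the session that runs the query, so running it with the requesting user's session rather than a broadly privileged one further limits what a query can expose.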



Level 2

Hi 

How can we prevent blind XPath injection for an AEM page?

 

Thanks