Your achievements

Level 1

0% to

Level 2

Tip /
Sign in

Sign in to Community

to gain points, level up, and earn exciting badges like the new
Bedrock Mission!

Learn more

View all

Sign in to view all badges

SOLVED

how does aem prevents sql injection?

Avatar

Level 3

how does aem prevents sql injection?

1 Accepted Solution

Avatar

Correct answer by
Community Advisor

You should be fine, using JCR_SQL2 is read only which means that you can only use the "SELECT" keyword.

View solution in original post

5 Replies

Avatar

Community Advisor

Please note that JCR SQL injections != RDBMS SQL injections. SQL in JCR is strictly read-only. As far as it is possible to manipulate a query the only risk is information leakage. No data can be manipulated as is the case with RDBMSes.

 

Avatar

Correct answer by
Community Advisor

You should be fine, using JCR_SQL2 is read only which means that you can only use the "SELECT" keyword.