You can translate the question and the replies:

How Code injection is handled in Denodo?

I have created a base view using SQL Server table. There is a column called "Tag" in the SQL table. The DATA REST API is created using the same base view. This tag column in nothing but a search parameter which will be passed from the web client. How code injection/SQL Injection is handled in Denodo? DRIVERCLASSNAME = 'com.microsoft.sqlserver.jdbc.SQLServerDriver' DATABASEURI = 'jdbc:sqlserver://SQL_SERVER:Port_Number;databaseName=DEV_DB' CLASSPATH = 'sqljdbc41' DATABASENAME = 'sqlserver' DATABASEVERSION = '2014'
user
04-02-2019 20:34:51 -0500

1 Answer

Hi, I would make sure to follow the best practices of the JDBC API from the client application to avoid SQL injection to Virtual DataPort Server. For detailed information, you can refer to the section [Avoiding SQL Injections](https://community.denodo.com/docs/html/browse/7.0/vdp/administration/appendix/avoiding_sql_injections/avoiding_sql_injections) of the Virtual DataPort Administration Guide. You can also refer to a similar community Q&A [here](https://community.denodo.com/answers/question/details?questionId=9060g000000L75zAAC&title=Denodo+-+App+Scan+Vulnerability+for+Blind+SQL+injection) which talks in detail on how there is no vulnerability for Blind SQL injection in Virtual DataPort Server. Hope this helps
Denodo Team
05-02-2019 05:39:21 -0500
You must sign in to add an answer. If you do not have an account, you can register here