topic Re: Potential for SQL injection using QueryDataSource in ArcGIS JavaScript Maps SDK Questions https://community.esri.com/t5/arcgis-javascript-maps-sdk-questions/potential-for-sql-injection-using-querydatasource/m-p/22520#M1956 <HTML><HEAD></HEAD><BODY><P>I think this is hitting a REST Endpoint so the security is handled by ArcServer. </P></BODY></HTML> Wed, 04 Feb 2015 19:54:53 GMT PaulCrickard 2015-02-04T19:54:53Z Potential for SQL injection using QueryDataSource https://community.esri.com/t5/arcgis-javascript-maps-sdk-questions/potential-for-sql-injection-using-querydatasource/m-p/22519#M1955 <HTML><HEAD></HEAD><BODY><P>I would really like to start adding layers to my applications using Dynamic Layers and the <A href="https://developers.arcgis.com/javascript/jsapi/querydatasource-amd.html">QueryDataSource </A>class.&nbsp; This would allow me to display some relatively complex relationships on the fly with minimal input from users and without having to pre-symbolize and anticipate all possible combinations in a map service beforehand. </P><P></P><P>My only concern is that exposing SQL queries through a client-side application might open us up to SQL injection.&nbsp; Is anyone out there working with the QueryDataSource class?&nbsp; Are there any built-in safegaurds against SQL injection?</P></BODY></HTML> Wed, 04 Feb 2015 15:21:35 GMT https://community.esri.com/t5/arcgis-javascript-maps-sdk-questions/potential-for-sql-injection-using-querydatasource/m-p/22519#M1955 BillDaigle 2015-02-04T15:21:35Z Re: Potential for SQL injection using QueryDataSource https://community.esri.com/t5/arcgis-javascript-maps-sdk-questions/potential-for-sql-injection-using-querydatasource/m-p/22520#M1956 <HTML><HEAD></HEAD><BODY><P>I think this is hitting a REST Endpoint so the security is handled by ArcServer. </P></BODY></HTML> Wed, 04 Feb 2015 19:54:53 GMT https://community.esri.com/t5/arcgis-javascript-maps-sdk-questions/potential-for-sql-injection-using-querydatasource/m-p/22520#M1956 PaulCrickard 2015-02-04T19:54:53Z Re: Potential for SQL injection using QueryDataSource https://community.esri.com/t5/arcgis-javascript-maps-sdk-questions/potential-for-sql-injection-using-querydatasource/m-p/22521#M1957 <HTML><HEAD></HEAD><BODY><P>It looks like the parameter "<SPAN class="usertext">useStandardizedQueries" that was added at 10.2&nbsp; <A href="http://resources.arcgis.com/en/help/arcgis-rest-api/index.html#//02r3000000p1000000">http://resources.arcgis.com/en/help/arcgis-rest-api/index.html#//02r3000000p1000000 </A>​likely addresses my concern.&nbsp; </SPAN></P></BODY></HTML> Tue, 02 Jun 2015 17:07:54 GMT https://community.esri.com/t5/arcgis-javascript-maps-sdk-questions/potential-for-sql-injection-using-querydatasource/m-p/22521#M1957 BillDaigle 2015-06-02T17:07:54Z