topic Re: queryFeatures SQL Injection in ArcGIS JavaScript Maps SDK Questions https://community.esri.com/t5/arcgis-javascript-maps-sdk-questions/queryfeatures-sql-injection/m-p/1315640#M81865 <P>That could definitely work! Do you have a link to documentation for how to call it programmatically?</P> Fri, 04 Aug 2023 17:47:52 GMT AddisonShaw 2023-08-04T17:47:52Z queryFeatures SQL Injection https://community.esri.com/t5/arcgis-javascript-maps-sdk-questions/queryfeatures-sql-injection/m-p/1313678#M81820 <P>Looking at integrating&nbsp;<A href="https://developers.arcgis.com/javascript/latest/api-reference/esri-layers-FeatureLayer.html#queryFeatures" target="_self">queryFeatures</A>&nbsp;into our application to segment a large feature service by client.<BR /><BR />We have concerns about SQL Injection with this approach as it would be somewhat trivial to modify the client-side where clause to return whatever data you want from a layer.</P><P>How are we supposed to handle this use case? Is it possible to proxy a feature service through a backend service that itself is using something like the ArcGIS REST API? That way we could essentially hide the query implementation from end users.</P> Mon, 31 Jul 2023 16:28:54 GMT https://community.esri.com/t5/arcgis-javascript-maps-sdk-questions/queryfeatures-sql-injection/m-p/1313678#M81820 AddisonShaw 2023-07-31T16:28:54Z Re: queryFeatures SQL Injection https://community.esri.com/t5/arcgis-javascript-maps-sdk-questions/queryfeatures-sql-injection/m-p/1315326#M81858 <P>Not sure if it helps in your specific use case, but if you are using an online hosted Feature Layer I would suggest you check out the capability to create hosted <A href="https://doc.arcgis.com/en/arcgis-online/manage-data/create-hosted-views.htm" target="_self">Feature Layer View</A> and it's ability to configure filters.</P> Thu, 03 Aug 2023 21:41:41 GMT https://community.esri.com/t5/arcgis-javascript-maps-sdk-questions/queryfeatures-sql-injection/m-p/1315326#M81858 JohnGrayson 2023-08-03T21:41:41Z Re: queryFeatures SQL Injection https://community.esri.com/t5/arcgis-javascript-maps-sdk-questions/queryfeatures-sql-injection/m-p/1315640#M81865 <P>That could definitely work! Do you have a link to documentation for how to call it programmatically?</P> Fri, 04 Aug 2023 17:47:52 GMT https://community.esri.com/t5/arcgis-javascript-maps-sdk-questions/queryfeatures-sql-injection/m-p/1315640#M81865 AddisonShaw 2023-08-04T17:47:52Z