https://community.esri.com/t5/arcgis-rest-apis-and-services-questions/rest-where-clause-and-sql-injection/m-p/406722#M1978 <HTML><HEAD></HEAD><BODY><SPAN>I'm trying to determine how safe it is to publish REST services for mash-up consumption. Specifically I am wondering if the WHERE clause for querying is vulnerable to any kind of SQL Injection attack?</SPAN><BR /><BR /><SPAN>Thanks in advance!</SPAN></BODY></HTML> Fri, 17 Dec 2010 13:28:09 GMT JonathanBaier 2010-12-17T13:28:09Z https://community.esri.com/t5/arcgis-rest-apis-and-services-questions/rest-where-clause-and-sql-injection/m-p/406722#M1978 <HTML><HEAD></HEAD><BODY><SPAN>I'm trying to determine how safe it is to publish REST services for mash-up consumption. Specifically I am wondering if the WHERE clause for querying is vulnerable to any kind of SQL Injection attack?</SPAN><BR /><BR /><SPAN>Thanks in advance!</SPAN></BODY></HTML> Fri, 17 Dec 2010 13:28:09 GMT https://community.esri.com/t5/arcgis-rest-apis-and-services-questions/rest-where-clause-and-sql-injection/m-p/406722#M1978 JonathanBaier 2010-12-17T13:28:09Z https://community.esri.com/t5/arcgis-rest-apis-and-services-questions/rest-where-clause-and-sql-injection/m-p/406723#M1979 <HTML><HEAD></HEAD><BODY><SPAN>There are the patches on sql injection: </SPAN><A href="http://support.esri.com/zh-cn/knowledgebase/techarticles/detail/40677">http://support.esri.com/zh-cn/knowledgebase/techarticles/detail/40677</A><SPAN> . </SPAN><BR /><BR /><SPAN>However I advise use ags 10.2 or superior why ArcGIS Server includes a security option that forces developers to use standardized SQL queries (for details: </SPAN><A href="http://resources.arcgis.com/en/help/main/10.2/index.html#//015400000641000000">http://resources.arcgis.com/en/help/main/10.2/index.html#//015400000641000000</A><SPAN> )</SPAN></BODY></HTML> Fri, 21 Feb 2014 09:37:35 GMT https://community.esri.com/t5/arcgis-rest-apis-and-services-questions/rest-where-clause-and-sql-injection/m-p/406723#M1979 nicogis 2014-02-21T09:37:35Z