All Communities

Products

ArcGIS Pro ArcGIS Survey123 ArcGIS Online ArcGIS Enterprise Data Management Geoprocessing ArcGIS Web AppBuilder ArcGIS Experience Builder ArcGIS Dashboards ArcGIS Spatial Analyst ArcGIS CityEngine All Products Communities

Industries

Education Water Resources State & Local Government Transportation Gas and Pipeline Water Utilities Roads and Highways Telecommunications Natural Resources Electric Public Safety All Industries Communities

Developers

Python JavaScript Maps SDK Native Maps SDKs ArcGIS API for Python ArcObjects SDK ArcGIS Pro SDK Developers - General ArcGIS REST APIs and Services ArcGIS Online Developers File Geodatabase API Game Engine Maps SDKs All Developers Communities

Worldwide

Comunidad Esri Colombia - Ecuador - Panamá ArcGIS 開発者コミュニティ Czech GIS ArcNesia Esri India GeoDev Germany ArcGIS Content - Esri Nederland Esri Italia Community Comunidad GEOTEC Esri Ireland Používatelia ArcGIS All Worldwide Communities

All Communities

Developers User Groups Industries Services Community Resources Worldwide Events Learning ArcGIS Topics Networks GIS Life View All Communities
ArcGIS Ideas
GIS Life
Community Resources

Community Help Documents

Community Blog

Community Feedback

Member Introductions

Community Ideas

All Community Resources

SQL Injection

863

10-31-2017 10:11 AM

I have a web application and it has been run through a vulnerability test/scan. One of the tests injected some code into the outFields of a query -- "; select 1", which caused the query result to fail. Because the test was able to inject this code, the application is being flagged as insecure. I know that ArcGIS Server protects against SQL Injection by allowing you to specify "Use Standardized Queries", but is there anything that can be done to prevent the manipulation of the query being sent to the server? Any help/suggestions are welcome.

Thanks...Chris

0 Replies