I would like to know if a geoprocessing service that is using arcpy.da.SearchCursor can be subject to blind SQL injection if the where_clause parameter of the SearchCursor is one of the service parameter.
Is there a possibility that injecting SQL in the where_clause parameter can affect the integrity of the source table especially by using the SLEEP() command?
Thank you for the link, that helps a lot.
Standardized queries are applied to the entire ArcGIS Server site; they cannot be enabled for some services and disabled for others.
So if it's turned on on the server, standardized queries are being used for the where_clause in a arcpy.da.SearchCursor in a Geoprocessing Service right?
That do not just applied to standardized queries of MapServices right?