
SQL Injection

Question asked by CGSJohnson on Oct 31, 2017

I have a web application and it has been run through a vulnerability test/scan.  One of the tests injected some code into the outFields of a query -- "; select 1", which caused the query result to fail.  Because the test was able to inject this code, the application is being flagged as insecure.  I know that ArcGIS Server protects against SQL Injection by allowing you to specify "Use Standardized Queries", but is there anything that can be done to prevent the manipulation of the query being sent to the server?  Any help/suggestions are welcome.

 

Thanks...Chris
