AnsweredAssumed Answered

Blind SQL injection for Geoprocessing service using arcpy.da.SearchCursor

Question asked by DemersM on Oct 3, 2018
Latest reply on Oct 3, 2018 by DemersM

Hi,

 

I would like to know if a geoprocessing service that is using arcpy.da.SearchCursor can be subject to blind SQL injection if the where_clause parameter of the SearchCursor is one of the service parameter.

 

Is there a possibility that injecting SQL in the where_clause parameter can affect the integrity of the source table especially by using the SLEEP() command?

 

Thank you

Outcomes