cancel
Showing results for 
Search instead for 
Did you mean: 

SQL Injection

Solved
Highlighted
Occasional Contributor

SQL Injection

My security guys are asking for MEGA HOPEX protection against SQL injection before I get an internal GoLive approval. Is there anything done to in HOPEX V1R3 CP11 to be protected against SQL injection?

 

2 Replies
MEGA

Re: SQL Injection

Hello KEsner

 

By design, SQL injections are not possible in HOPEX.


Indeed:

  • GUI do not enable to insert SQL statements.
  • APIs do not enable to run SQL statements

Update actions in the HOPEX repository are transformed though several business layers to SQL statement by a core C++ component. This component cannot be customized.

Jerome
Occasional Contributor

Re: SQL Injection

Hello Jerome,

 

many thanks for the quick response.

 

Best regards

Kai Elsner