cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

SQL Injection

KElsner
Super Contributor

My security guys are asking for MEGA HOPEX protection against SQL injection before I get an internal GoLive approval. Is there anything done to in HOPEX V1R3 CP11 to be protected against SQL injection?

 

2 Replies

KElsner
Super Contributor

Hello Jerome,

 

many thanks for the quick response.

 

Best regards

Kai Elsner

 

jhorber
MEGA
MEGA

Hello KEsner

 

By design, SQL injections are not possible in HOPEX.


Indeed:

  • GUI do not enable to insert SQL statements.
  • APIs do not enable to run SQL statements

Update actions in the HOPEX repository are transformed though several business layers to SQL statement by a core C++ component. This component cannot be customized.

Jerome