New Participant

Solved

how does aem prevents sql injection?

Forum|Forum|3 years ago
April 27, 2022
5 replies
3625 views

This post is no longer active and is closed to new replies. Need help? Start a new post to ask your question.

Best answer by BrianKasingli

You should be fine, using JCR_SQL2 is read only which means that you can only use the "SELECT" keyword.

BrianKasingliAccepted solution

New Participant

You should be fine, using JCR_SQL2 is read only which means that you can only use the "SELECT" keyword.

maryani

New Participant

Hi

How can we prevent blind XPath injection for an AEM page??

Thanks

K

KiranVe1

New Participant

I have got a similar vulnerbility in our latest report. Did you find any solution for this?

sourcedcode

New Participant

.

arunpatidar

New Participant

Please note that JCR SQL injections != RDBMS SQL injections. SQL in JCR is strictly read-only. As far as it is possible to manipulate a query the only risk is information leakage. No data can be manipulated as is the case with RDBMSes.

Arun Patidar

Anish-Sinha

Employee

refer this for the techniques to prevent sql injections - https://labs.tadigital.com/index.php/2018/11/05/sql-injections-overview-and-prevention-techniques/

Bhuwan_B

New Participant

@shikhasoni1 Please refer to below Community URL to get understanding of AEM Security Best Practices:

https://experienceleaguecommunities.adobe.com/t5/adobe-experience-manager/aem-security-best-practices-awakening-to-the-need-for-better/td-p/449600

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded