PAM protection against SQL injection
Article ID: 188965
Updated On:
Products
CA Privileged Access Manager (PAM)
Issue/Introduction
Is PAM protected against SQL Injection vulnerability?
Environment
Product: Layer 7 Privileges Access Manager
Version: 3.x
Version: 3.x
Resolution
PAM provides protection from SQL Injection, and this is one of the things our vulnerability tests keep an eye out for.
In case you detect any vulnerability of this kind, or of any other kind, please open a support case defining it, to get it solved as soon as possible.
- On the Credential Manager side, pretty much all of our queries use the java prepared query command. Properly used, that protects against sql injection all by itself.
- On the Access Manager side, we take a different approach. Most (it is supposed to be all) customer supplied data that is used to help make a query runs through a php command mysqli_real_escape_string which protects against sql injection.
In case you detect any vulnerability of this kind, or of any other kind, please open a support case defining it, to get it solved as soon as possible.
Additional Information
Feedback
Yes
No
Powered by
