
PAM protection against SQL injection


Article ID: 188965


Products

CA Privileged Access Manager (PAM)

Issue/Introduction

Is PAM protected against SQL Injection vulnerability?

Environment

Product: Layer 7 Privileged Access Manager
Version: 3.x

Resolution

PAM provides protection against SQL injection, and it is one of the things our vulnerability tests check for.
  • On the Credential Manager side, nearly all of our queries use Java prepared statements. Properly used, these protect against SQL injection on their own.
  • On the Access Manager side, we take a different approach. Most (it is supposed to be all) customer-supplied data used to build a query is passed through the PHP function mysqli_real_escape_string, which protects against SQL injection.

If you detect a vulnerability of this kind, or of any other kind, please open a support case describing it so that it can be resolved as soon as possible.
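
The two approaches described above, side by side, as an added example (not PAM code). It uses Python's built-in sqlite3 as a stand-in for the Java and PHP/MySQL stacks; the table, the function names and escape_literal (a quote-doubling stand-in for mysqli_real_escape_string) are assumptions. It shows that a bound parameter is always treated as data, while escaping protects only when the value is also placed inside quotes.

```python
import sqlite3


def make_db():
    # Constructed sample data for the example, not taken from PAM.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE accounts (id INTEGER PRIMARY KEY, name TEXT)")
    db.executemany("INSERT INTO accounts VALUES (?, ?)",
                   [(1, "alice"), (2, "bob"), (3, "o'brien")])
    return db


def escape_literal(value):
    # Hypothetical stand-in for an escaping function: SQLite escapes a
    # single quote inside a string literal by doubling it.
    return str(value).replace("'", "''")


def by_name_concat(db, name):
    # Unsafe: the input is pasted into the SQL text unchanged.
    sql = "SELECT name FROM accounts WHERE name = '" + name + "'"
    return db.execute(sql).fetchall()


def by_name_escaped(db, name):
    # Escaped AND quoted: the input cannot leave the string literal.
    sql = "SELECT name FROM accounts WHERE name = '" + escape_literal(name) + "'"
    return db.execute(sql).fetchall()


def by_id_escaped_unquoted(db, account_id):
    # Escaped but NOT quoted: there is no quote to escape, so the input
    # is still parsed as SQL. Escaping alone does not help here.
    sql = "SELECT name FROM accounts WHERE id = " + escape_literal(account_id)
    return db.execute(sql).fetchall()


def by_name_bound(db, name):
    # Prepared-statement style: the SQL text is fixed, the value is bound.
    return db.execute("SELECT name FROM accounts WHERE name = ?", (name,)).fetchall()


def by_id_bound(db, account_id):
    # Binding works the same way in a numeric context.
    return db.execute("SELECT name FROM accounts WHERE id = ?", (account_id,)).fetchall()
```

When reviewing code that relies on escaping, check every place a value enters a query: one unquoted or unescaped value is enough, which is why the bound-parameter form is easier to audit.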
