PAM protection against SQL injection
search cancel

PAM protection against SQL injection


Article ID: 188965


Updated On:


CA Privileged Access Manager (PAM)


Is PAM protected against SQL Injection vulnerability?


Product: Layer 7 Privileges Access Manager
Version: 3.x


PAM provides protection from SQL Injection, and this is one of the things our vulnerability tests keep an eye out for.
  • On the Credential Manager side, pretty much all of our queries use the java prepared query command.  Properly used, that protects against sql injection all by itself.
  • On the Access Manager side, we take a different approach. Most (it is supposed to be all) customer supplied data that is used to help make a query runs through a php command mysqli_real_escape_string which protects against sql injection.  

In case you detect any vulnerability of this kind, or of any other kind, please open a support case defining it, to get it solved as soon as possible.

Additional Information

See also: