Mashables and Mashups : Mashables : Connect Information Sources as Mashables : Register Custom Database Mashables : Enabling/Disabling Data Alteration Operations and Other Security Considerations
Enabling/Disabling Data Alteration Operations and Other Security Considerations
The mashable operations that have security implications include those that can alter data and those finders that use raw SQL rather than prepared statements. You manage these operations for the database mashable as a whole, rather than for individual tables or views.
By default Business Analytics generates mashable operations to insert, update or delete records for each table. You can disable any of these operations for all tables in the mashable.
The following finders are not generated by default. You can choose to enable these operations:
*Dynamic Finder = the findtable-nameWhere operation. This executes a WHERE clause defined as a parameter.
*Dynamic Select = the selecttable-name operation. This executes a SELECT statement for the given table and optional WHERE clause defined as parameters.
These finders are very flexible, allowing you to perform arbitrary SQL commands. However, they are vulnerable to SQL injection attacks and thus a potential security risk.
Administrators can also completely disable the use of these operations for new database mashables using Business Analytics Server configuration.
1. Select the Database Service folder to configure operations with security implications for this database mashable,
2. Clear or set any of the options to disable or enable specific operations for all the tables and views in this database mashable.
3. Click Save.
Copyright © 2013-2016 Software AG, Darmstadt, Germany.

Product LogoContact Support   |   Community   |   Feedback