Protecting Against Cross-Site Scripting

OneData 10.7 | Managing Master Data with webMethods OneData | Administering webMethods OneData | Configuring Security | Protecting Against Cross-Site Scripting

Enforcing Data Validation

Enabling External Entities

Configure CSRF Guard

OneData prevents attacks that exploit security weaknesses common to web applications, including cross-site scripting (XSS) and SQL injection with the following measures:

A Java database technology layer using prepared statement objects to prevent SQL injections. This is the default mode of SQL queries in OneData.

Encrypted application URLs to prevent manipulation of request parameters, thereby offering protection from both XSS and SQL injection.

Configuration options to restrict patterns of characters (common to XSS and SQL injection attacks) to be passed from web forms. Using the servlet filter functionality, you can ensure that all HTTP request parameters pass through a validated filter. For information about configuring these settings, see Enforcing Data Validation.

Configuration options to protect Data Manager, Reports, and Deployment from Cross-Site Request Forgery (CSRF) attacks.