Protecting Against Cross-Site Scripting
OneData prevents attacks that exploit security weaknesses common to web applications, including cross-site scripting (XSS) and SQL injection, with the following measures:

- A Java database technology layer that uses prepared statement objects to prevent SQL injection. This is the default mode of SQL queries in OneData.
- Encrypted application URLs to prevent manipulation of request parameters, thereby offering protection from both XSS and SQL injection.
- Configuration options to restrict patterns of characters (common to XSS and SQL injection attacks) from being passed from web forms. Using the servlet-filter functionality, you can ensure that all HTTP request parameters pass through a validation filter. For information about configuring these settings, see Enforcing Data Validation.
- Configuration options to protect Data Manager, Reports, and Deployment from Cross-Site Request Forgery (CSRF) attacks.
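
The parameter check that a validation servlet filter of the kind described above performs can be sketched as follows. This is an added example, not OneData's own code: the class name, the deny patterns, and the sample requests are constructed assumptions, and in a real filter the check would be called from `doFilter` with the result of `getParameterMap()`.

```java
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;
import java.util.Optional;
import java.util.regex.Pattern;

/** Core check a parameter-validation servlet filter would run before passing the request on. */
public class ParameterPatternCheck {

    // Constructed deny patterns (assumptions, not OneData's configured values).
    private static final List<Pattern> DENIED = List.of(
        Pattern.compile("<\\s*/?\\s*script", Pattern.CASE_INSENSITIVE),
        Pattern.compile("\\bon\\w+\\s*=", Pattern.CASE_INSENSITIVE),   // inline event handlers
        Pattern.compile("javascript\\s*:", Pattern.CASE_INSENSITIVE),
        Pattern.compile("('|\")\\s*(or|and)\\s+\\S+\\s*=", Pattern.CASE_INSENSITIVE),
        Pattern.compile("--|/\\*|;\\s*(drop|delete|insert|update)\\b", Pattern.CASE_INSENSITIVE));

    /**
     * Returns the name of the first parameter whose name or value matches a
     * denied pattern, or empty if the request may continue down the chain.
     * The map has the shape of ServletRequest.getParameterMap().
     */
    static Optional<String> firstViolation(Map<String, String[]> params) {
        for (Map.Entry<String, String[]> e : params.entrySet()) {
            if (matches(e.getKey())) return Optional.of(e.getKey());
            for (String value : e.getValue()) {
                // Multi-valued parameters: every value is checked, not just the first.
                if (value != null && matches(value)) return Optional.of(e.getKey());
            }
        }
        return Optional.empty();
    }

    private static boolean matches(String s) {
        return DENIED.stream().anyMatch(p -> p.matcher(s).find());
    }

    public static void main(String[] args) {
        // Constructed sample requests: one legitimate, one carrying markup in a second value.
        Map<String, String[]> ok = new LinkedHashMap<>();
        ok.put("name", new String[] {"O'Brien & Sons"});
        Map<String, String[]> bad = new LinkedHashMap<>();
        bad.put("name", new String[] {"Acme"});
        bad.put("comment", new String[] {"fine", "<ScRiPt>x</script>"});

        System.out.println("ok request  -> " + firstViolation(ok));
        System.out.println("bad request -> " + firstViolation(bad));
    }
}
```

Pattern filtering of this kind is a defense-in-depth layer: it complements the prepared statements listed above rather than replacing them, and legitimate input such as a name containing an apostrophe must still pass.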