Protecting Against Cross-Site Scripting
 
Enforcing Data Validation
Enabling External Entities
Configure CSRF Guard
OneData prevents attacks that exploit security weaknesses common to web applications, including cross-site scripting (XSS) and SQL injection, with the following measures:
* A Java database technology layer that uses prepared statement objects to prevent SQL injection. This is the default mode of SQL queries in OneData.
* Encrypted application URLs to prevent manipulation of request parameters, thereby offering protection from both XSS and SQL injection.
* Configuration options to restrict character patterns common to XSS and SQL injection attacks from being passed from web forms. Using the servlet-filter functionality, you can ensure that all HTTP request parameters are passed through a validation filter. For information about configuring these settings, see Enforcing Data Validation.
* Configuration options to protect Data Manager, Reports, and Deployment from Cross-Site Request Forgery (CSRF) attacks.
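
The request-parameter filtering described in the third item above, sketched as an added example (not OneData's own code or configuration): a deny-pattern check over a map shaped like `ServletRequest.getParameterMap()`, which a servlet filter's `doFilter` would call before passing the request down the chain. The class name, the patterns and the sample parameters are assumptions made for illustration.

```java
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;
import java.util.Optional;
import java.util.regex.Pattern;

// Added illustration: deny-pattern check for HTTP request parameters.
// The patterns are assumptions for this example, not OneData's configured values.
public class RequestParamValidator {

    private static final List<Pattern> DENY = List.of(
        Pattern.compile("<\\s*/?\\s*script", Pattern.CASE_INSENSITIVE),          // script tags
        Pattern.compile("javascript\\s*:", Pattern.CASE_INSENSITIVE),            // script URLs
        Pattern.compile("\\bon\\w+\\s*=", Pattern.CASE_INSENSITIVE),             // inline event handlers
        Pattern.compile("\\bunion\\b.+\\bselect\\b", Pattern.CASE_INSENSITIVE),  // UNION-based SQL
        Pattern.compile("('|\")\\s*(or|and)\\b", Pattern.CASE_INSENSITIVE),      // quote followed by boolean operator
        Pattern.compile("--|/\\*")                                               // SQL comment markers
    );

    // Takes the same shape as ServletRequest.getParameterMap().
    // Returns a description of the first offending parameter, or empty if all values pass.
    public static Optional<String> firstViolation(Map<String, String[]> params) {
        for (Map.Entry<String, String[]> entry : params.entrySet()) {
            for (String value : entry.getValue()) {
                for (Pattern pattern : DENY) {
                    if (pattern.matcher(value).find()) {
                        return Optional.of(entry.getKey() + " matched " + pattern.pattern());
                    }
                }
            }
        }
        return Optional.empty();
    }

    public static void main(String[] args) {
        // Constructed sample requests (hypothetical parameter names).
        Map<String, String[]> ok = new LinkedHashMap<>();
        ok.put("objectName", new String[] {"Customer_Master"});
        ok.put("page", new String[] {"2"});

        Map<String, String[]> bad = new LinkedHashMap<>();
        bad.put("objectName", new String[] {"Customer_Master"});
        bad.put("filter", new String[] {"<ScRiPt>alert(1)</script>"});

        System.out.println("ok  -> " + firstViolation(ok).orElse("accepted"));
        System.out.println("bad -> " + firstViolation(bad).orElse("accepted"));
    }
}
```

A deny-pattern filter of this kind can reject legitimate input that happens to match a pattern, so it works as one layer alongside the prepared statements and the other measures listed above rather than in place of them.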
Copyright © 2011-2016 Software AG, Darmstadt, Germany.
