Enforcing Data Validation
Security attacks typically originate from data entered into fields in a website form or user application. OneData uses Python scripts to validate the values entered in fields. You can configure OneData to validate the data entering or being returned from the application using the following methods:
validateData: Validates data input to the Data Manager module through any point of entry, including the interface, import functions, and API calls. You can use this method to define a stricter set of rules for the data manager than for other metadata modules where special characters and scripts may be necessary or acceptable. If the complexity should be the same between modules,
validateData can internally call
validateParameter to enforce the same set of rules.
validateParameter: Validates data requests where the data is not encrypted, such as when saving new records through the
Data Entry screen. You can define the pattern of characters to validate using this function.
For more information about Python scripts, see official Python documentation. To learn more about detecting attacks from cross-site scripting and SQL injection, visit the Symantec site and see http://www.securityfocus.com/infocus/1768.
