Should I care about sql injection after user has been authenticated?

Time: 01-05

Does it make sense to check for malicious SQL input from an authenticated user?

CodePudding user response:

An authenticated user can inject queries that bypass his security settings if such a query doesn't enforce security checks on fields/objects. Also, if a class is defined as `without sharing`, a simple WHERE clause addition such as `OR id != null` into the query can fetch records that he should not have access to, such as the salary statements of his colleagues!

So in conclusion, all queries must be checked for sql injection.
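To make the first answer's point concrete, here is an added Python/SQLite example (not code from the original post). It assumes a constructed `salary_statements` table and an application that has already authenticated `current_user` and intends to return only that user's own row. The record id comes from the user; when it is concatenated into the query text, a value such as `1 OR id IS NOT NULL` (the SQL equivalent of the answer's SOQL-style `OR id != null`, since in SQL a comparison with NULL is never true) widens the WHERE clause to every row. The hardened version validates the id's type and binds it as a parameter, so the same input is rejected instead of rewriting the query.

```python
import sqlite3

# Constructed sample data for the demonstration (not from the original post).
SAMPLE_ROWS = [
    (1, "alice", 5000),
    (2, "bob", 6200),
    (3, "carol", 7100),
]


def build_db():
    """Create an in-memory table holding one salary statement per employee."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE salary_statements ("
        "id INTEGER PRIMARY KEY, employee TEXT NOT NULL, amount INTEGER NOT NULL)"
    )
    conn.executemany("INSERT INTO salary_statements VALUES (?, ?, ?)", SAMPLE_ROWS)
    return conn


def my_statement_vulnerable(conn, current_user, statement_id):
    """Vulnerable: the user-supplied id is pasted into the SQL text.

    current_user is trusted (set by the authentication layer); statement_id is
    whatever the user sent, e.g. a query-string parameter. Because AND binds
    tighter than OR, an injected 'OR ...' tail escapes the employee scope.
    """
    sql = (
        "SELECT employee, amount FROM salary_statements "
        f"WHERE employee = '{current_user}' AND id = {statement_id} ORDER BY id"
    )
    return conn.execute(sql).fetchall()


def my_statement_safe(conn, current_user, statement_id):
    """Hardened: validate the id's type, then bind both values as parameters.

    int() rejects anything that is not a plain integer (ValueError), and the
    '?' placeholders send the values to the driver out of band, so they can
    never change the structure of the WHERE clause.
    """
    record_id = int(statement_id)
    sql = (
        "SELECT employee, amount FROM salary_statements "
        "WHERE employee = ? AND id = ? ORDER BY id"
    )
    return conn.execute(sql, (current_user, record_id)).fetchall()


def rows_outside_scope(rows, current_user):
    """Defender's check: any returned row that is not the caller's own row.

    A non-empty result here means the query's authorization scope was broken.
    """
    return [row for row in rows if row[0] != current_user]


if __name__ == "__main__":
    db = build_db()
    print("normal request:", my_statement_vulnerable(db, "alice", "1"))
    leaked = my_statement_vulnerable(db, "alice", "1 OR id IS NOT NULL")
    print("same request with a widened id:", leaked)
    print("rows alice must not see:", rows_outside_scope(leaked, "alice"))
    try:
        my_statement_safe(db, "alice", "1 OR id IS NOT NULL")
    except ValueError as exc:
        print("hardened version rejects the input:", exc)
```

The authenticated scope (`employee = 'alice'`) is no protection on its own: the vulnerable function still returns bob's and carol's statements because the injected tail is ORed onto the whole predicate. Parameter binding keeps the query shape fixed regardless of who is logged in, which is the reason the answer's conclusion applies to every query, authenticated or not.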

CodePudding user response:

If an authenticated end user drops any data table, then in your view it is not necessary to care about injection, so there is no need to care about that.
