How to block SQL injection attack?

Last update: 2023-01-20



Adobe Experience Manager as a Cloud Service


How to block an SQL injection attack?


AEM as a Cloud Service does not offer configurable IP block lists out of the box. Hence use Apache mod_redirect or any other approved module on the dispatcher at project level.

SQL injection is prevented by design: The default CQ setup neither includes nor requires a traditional database. All data is stored in a content repository (CRX). All access is limited to authenticated users and can only be performed through the JCR API. SQL is supported for search queries only (SELECT).

On this page