How to block SQL injection attack
This article describes how to block SQL injection attack. To do so, use the Apache mod_redirect on the dispatcher at project level.
Description description
Environment
Adobe Experience Manager as a Cloud Service
Issue/Symptoms
How to block an SQL injection attack?
Resolution resolution
AEM as a Cloud Service does not offer configurable IP block lists out of the box. Hence use Apache mod_redirect
or any other approved module on the dispatcher at project level.
SQL injection is prevented by design: The default CQ setup neither includes nor requires a traditional database. All data is stored in a content repository (CRX). All access is limited to authenticated users and can only be performed through the JCR API. SQL is supported for search queries only (SELECT
).
recommendation-more-help
3d58f420-19b5-47a0-a122-5c9dab55ec7f