How to prevent SQL Injection from ServiceNow to 3rd party tool?
04-03-2018 03:48 AM
Hi All,
I am working on a 3rd party integration and have a requirement where the user wants to prevent SQL injection from ServiceNow to their tool.
I have a form where the user will insert data and click on the 'Test Connection' button, which will make a REST call and check whether the data is correct or not.
The fields I am using are of type string, and hence I want to restrict SQL injection so that a user from ServiceNow should not be able to put in any data which leads to SQL injection and impacts their tool (3rd party tool).
Can anyone please help me know how I can achieve this?
Thanks in Advance.
06-26-2018 10:23 AM
I would assume you should handle it the way any SQL injection attack would be mitigated: filter your responses. I also saw in a related post that addEncodedQuery does not recognize the delete commands. So if you used this with a REST integration, that's one checkbox you could check. You could check the data they submit and remove all the bad stuff or warn the user, but I am not sure if that would help things.
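
One way to do the "check the data they submit ... or warn the user" step from the reply above, as an added example that is not part of the original thread and is not ServiceNow's own code: each string field is matched against an allowlist pattern and rejected (not silently stripped) before the REST body is built. The field names (`host`, `port`, `database`, `username`), their patterns and both function names are assumptions; the sample inputs are constructed.

```javascript
// Added example. Field names and allowlist patterns are assumptions, not from the thread.
var FIELD_RULES = {
  host:     /^[A-Za-z0-9](?:[A-Za-z0-9.-]{0,251}[A-Za-z0-9])?$/,
  port:     /^[0-9]{1,5}$/,
  database: /^[A-Za-z_][A-Za-z0-9_]{0,62}$/,
  username: /^[A-Za-z0-9._@-]{1,64}$/
};

// Returns a list of { field, reason }; an empty list means every field passed.
function validateConnectionFields(fields) {
  var errors = [];
  // Reject fields the form is not supposed to send at all.
  Object.keys(fields).forEach(function (name) {
    if (!Object.prototype.hasOwnProperty.call(FIELD_RULES, name)) {
      errors.push({ field: name, reason: 'unexpected field' });
    }
  });
  // Every expected field must be a non-empty string matching its pattern.
  Object.keys(FIELD_RULES).forEach(function (name) {
    var value = fields[name];
    if (typeof value !== 'string' || value.length === 0) {
      errors.push({ field: name, reason: 'missing or not a string' });
    } else if (!FIELD_RULES[name].test(value)) {
      errors.push({ field: name, reason: 'characters outside the allowed set' });
    } else if (name === 'port' && (Number(value) < 1 || Number(value) > 65535)) {
      errors.push({ field: name, reason: 'out of range' });
    }
  });
  return errors;
}

// Builds the REST request body only when validation passes. Values are
// serialized with JSON.stringify, never concatenated into a query string.
function buildTestConnectionBody(fields) {
  var errors = validateConnectionFields(fields);
  if (errors.length > 0) {
    return { ok: false, errors: errors, body: null }; // caller warns the user
  }
  var payload = {};
  Object.keys(FIELD_RULES).forEach(function (name) { payload[name] = fields[name]; });
  return { ok: true, errors: [], body: JSON.stringify(payload) };
}

// Constructed sample inputs: one clean, one carrying a quote and comment marker.
var good = { host: 'db01.example.com', port: '5432', database: 'inventory', username: 'svc_snow' };
var bad  = { host: 'db01.example.com', port: '5432', database: "inventory'; --", username: 'svc_snow' };
```

Validation on the ServiceNow side only narrows what reaches the tool; the receiving tool still has to bind these values as query parameters for the injection itself to be ruled out.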