AnsweredAssumed Answered

Facing Issue with Protect Against SQL Attacks

Question asked by saidawali.dudekula on Mar 27, 2018
Latest reply on Dec 11, 2018 by Stephen_Hughes

Hello Team,


I am currently using "Protect against SQL attack" for URL path and URL parameters.
I have selected Standard SQL Injection Attack Protection in the assertion.


My valid request looks like below.


So, whenever I receive a request with url path as /v1/exampleData?##  or url param as ?SourceName=’te'st’&Period=’2016#-11-08', I expect these requests to get rejected. But they are passing through without failing.


If I select, Invasive SQL Injection Attack Protection, my valid request also fails due to presence of quotes.


I appreciate if anyone can provide guidance on how to rectify this issue.