AnsweredAssumed Answered

Facing Issue with Protect Against SQL Attacks

Question asked by saidawali.dudekula on Mar 27, 2018
Latest reply on Apr 6, 2018 by sapsh01

Hello Team,

 

I am currently using "Protect against SQL attack" for URL path and URL parameters.
I have selected Standard SQL Injection Attack Protection in the assertion.

 

My valid request looks like below.
https://<hostname>/v1/exampleData?SourceName=’test’&Period=’2016-11-08'

 

So, whenever I receive a request with url path as /v1/exampleData?##  or url param as ?SourceName=’te'st’&Period=’2016#-11-08', I expect these requests to get rejected. But they are passing through without failing.

 

If I select, Invasive SQL Injection Attack Protection, my valid request also fails due to presence of quotes.

 

I appreciate if anyone can provide guidance on how to rectify this issue.

 

Regards,

Saidawali

Outcomes