cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Hiding the Odata service parameters

Go to solution
gokul_jayaraman2
Explorer

on ‎05-11-2018 7:43 PM

0 Kudos

Hi Friends,

I have created a oData Service for a Calculation view with Parameters like as shown below

https://Server:Portnumber//TEST/sd/Ship.xsodata/InputParams(IP_START_DATE='20180507',IP_START_TIME='010000',IP_END_TIME='020000')/Execute?$format=json&

We want to call this URL from front end system or from a Raspberry Pi , Is there an option in XS Service to expose the service without exposing the Parameters, just for security concern to avoid SQL Injection like those scenarios ?

Please let me know the options.

Thanks,

Gokul

Show replies
Show replies
Answer

Accepted Solutions (1)

Accepted Solutions (1)

thomas_jung
Developer Advocate
Developer Advocate
‎05-12-2018 1:07 PM

The input parameters are part of the URL. That's the way OData works. It is HTTP based and uses the URL as such. There's no "hiding" URL parameters really. The parameters are checked for SQL Injection within the OData service framework on the server side.

Show replies
Show replies
former_member632303
Member
‎01-04-2021 11:55 PM
0 Kudos

Hi Thomas,

I would like to understand : " The parameters are checked for SQL Injection within the OData service framework on the server side.". Where Can I get some more info on this.

We have a requirement where we are calling oData from Java service through API gateway system and they are asking us to encode the url due to SQL injection policy i.e. pass url with this format "LABEL_UPDATESET%2528LABEL_NUM%253D%252798184003999809888%2527%252CWERKS%253D%25277001%2527%2529.

But our Gateway is not able to read this url.

Thanks

Nilesh

Answers (0)

Ask a Question