on 05-11-2018 7:43 PM
Hi Friends,
I have created a oData Service for a Calculation view with Parameters like as shown below
https://Server:Portnumber//TEST/sd/Ship.xsodata/InputParams(IP_START_DATE='20180507',IP_START_TIME='010000',IP_END_TIME='020000')/Execute?$format=json&
We want to call this URL from front end system or from a Raspberry Pi , Is there an option in XS Service to expose the service without exposing the Parameters, just for security concern to avoid SQL Injection like those scenarios ?
Please let me know the options.
Thanks,
Gokul
The input parameters are part of the URL. That's the way OData works. It is HTTP based and uses the URL as such. There's no "hiding" URL parameters really. The parameters are checked for SQL Injection within the OData service framework on the server side.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Thomas,
I would like to understand : " The parameters are checked for SQL Injection within the OData service framework on the server side.". Where Can I get some more info on this.
We have a requirement where we are calling oData from Java service through API gateway system and they are asking us to encode the url due to SQL injection policy i.e. pass url with this format "LABEL_UPDATESET%2528LABEL_NUM%253D%252798184003999809888%2527%252CWERKS%253D%25277001%2527%2529.
But our Gateway is not able to read this url.
Thanks
Nilesh
User | Count |
---|---|
90 | |
10 | |
10 | |
10 | |
7 | |
7 | |
6 | |
5 | |
4 | |
3 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.