SQL Injection prevention with CA SSO

Document ID:  TEC1978924
Last Modified Date:  08/09/2017

Products

  • CA Single Sign-On

Components

  • SITEMINDER -POLICY SERVER:SMPLC
Introduction:

How to configure CA SSO to protect against SQL injection attacks

Background:

A SQL injection attack consists of the insertion or "injection" of a SQL query via the input data from the client to the application. A successful SQL injection exploit can read sensitive data from the database, modify database data (Insert/Update/Delete), execute administration operations on the database (such as shutting down the DBMS), recover the content of a given file present on the DBMS file system and, in some cases, issue commands to the operating system. SQL injection attacks are a type of injection attack in which SQL commands are injected into data-plane input in order to affect the execution of predefined SQL commands.

Environment:
Policy Server: r12.5 and above
Instructions:

SiteMinder protects the Audit/User/Session Store data against SQL Injection.
SiteMinder does not protect the actual application data that the customer has in their application database against SQL Injection.

There is no known SQL injection vulnerability in SiteMinder code.
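
Because the application database is outside what SiteMinder protects, the application's own data-access code has to keep request input out of the SQL text. The following is an added example, not part of the CA document or CA code: a lookup built by string concatenation beside its parameterized form, using Python's sqlite3 module; the table, data and function names are constructed for illustration.

```python
import sqlite3


def make_db():
    """Constructed in-memory application database (sample data only)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE orders (id INTEGER PRIMARY KEY, owner TEXT, item TEXT)")
    db.executemany(
        "INSERT INTO orders (owner, item) VALUES (?, ?)",
        [("alice", "laptop"), ("alice", "dock"), ("bob", "phone")],
    )
    return db


def find_orders_concatenated(db, authenticated_user, item_filter):
    # Weak form: request input is pasted into the SQL text, so a quote in
    # item_filter changes the structure of the predefined statement.
    sql = (
        "SELECT owner, item FROM orders WHERE owner = '" + authenticated_user
        + "' AND item LIKE '" + item_filter + "'"
    )
    return db.execute(sql).fetchall()


def find_orders_parameterized(db, authenticated_user, item_filter):
    # Hardened form: the statement text is fixed; values are bound separately
    # and are only ever treated as data by the database engine.
    sql = "SELECT owner, item FROM orders WHERE owner = ? AND item LIKE ?"
    return db.execute(sql, (authenticated_user, item_filter)).fetchall()


if __name__ == "__main__":
    db = make_db()
    # Constructed input: the session is authenticated through SSO, but the
    # filter value still comes from the client and is untrusted.
    crafted = "%' OR '1'='1"
    print("concatenated :", find_orders_concatenated(db, "alice", crafted))
    print("parameterized:", find_orders_parameterized(db, "alice", crafted))
    print("normal use   :", find_orders_parameterized(db, "alice", "lap%"))
```

With the crafted filter, the concatenated query returns rows belonging to other users even though the session was authenticated, while the parameterized query returns nothing for the same input.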
