[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: [OASIS Issue Tracker] (ODATA-1110) Provide guidance for sql-injection type attacks
Michael Pizzo created ODATA-1110: ------------------------------------ Summary: Provide guidance for sql-injection type attacks Key: ODATA-1110 URL: https://issues.oasis-open.org/browse/ODATA-1110 Project: OASIS Open Data Protocol (OData) TC Issue Type: Bug Components: Securing OData Affects Versions: V4.01_CS02 Environment: [Proposed] Reporter: Michael Pizzo If the application has the expression: Customers?$filter=id eq @id and the user supplies the value for @id as "1&$expand=Orders" Then they have expanded the data that the application was intending. -- This message was sent by Atlassian JIRA (v6.2.2#6258)
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]