OASIS Mailing List Archives
odata message



Subject: [OASIS Issue Tracker] (ODATA-1110) Provide guidance for sql-injection type attacks


Michael Pizzo created ODATA-1110:
------------------------------------

             Summary: Provide guidance for sql-injection type attacks
                 Key: ODATA-1110
                 URL: https://issues.oasis-open.org/browse/ODATA-1110
             Project: OASIS Open Data Protocol (OData) TC
          Issue Type: Bug
          Components: Securing OData
    Affects Versions: V4.01_CS02
         Environment: [Proposed]
            Reporter: Michael Pizzo


If the application has the expression:

    Customers?$filter=id eq @id

and the user supplies the value for @id as "1&$expand=Orders"

Then they have expanded the data that the application was intending.




--
This message was sent by Atlassian JIRA
(v6.2.2#6258)
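
The case described in the issue, as an added example that is not part of the original message or the TC's own code: it builds the request three ways and splits each URL into query options the way a service would, showing that percent-encoding the alias value keeps `&$expand=Orders` inside `@id`. The service root, the function names, and the assumption that `id` is an integer key are hypothetical.

```python
import re
from urllib.parse import parse_qsl, quote, urlsplit

# Hypothetical service root, used only for this example.
SERVICE_ROOT = "https://service.example/odata/"
QUERY = "Customers?$filter=id eq @id"  # expression from the issue text


def build_unsafe(id_value: str) -> str:
    """Concatenate the user value into the alias assignment unchanged."""
    return f"{SERVICE_ROOT}{QUERY}&@id={id_value}"


def build_encoded(id_value: str) -> str:
    """Percent-encode the value so '&', '$' and '=' stay inside @id."""
    return f"{SERVICE_ROOT}{QUERY}&@id={quote(id_value, safe='')}"


def build_validated(id_value: str) -> str:
    """Assumes id is an integer key: reject anything else, then encode."""
    if not re.fullmatch(r"-?[0-9]+", id_value):
        raise ValueError(f"not an integer literal: {id_value!r}")
    return build_encoded(id_value)


def query_options(url: str) -> dict:
    """Split the URL's query string into options, as the service would."""
    return dict(parse_qsl(urlsplit(url).query, keep_blank_values=True))


if __name__ == "__main__":
    supplied = "1&$expand=Orders"  # the value from the issue text
    for build in (build_unsafe, build_encoded):
        print(build.__name__, query_options(build(supplied)))
    try:
        build_validated(supplied)
    except ValueError as exc:
        print("build_validated rejected:", exc)
```
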

