
MII Security

Former Member
0 Kudos

NW EHP1 7.1 ce SP03

MII 12.1.5.7

We are at a point where we are thinking about security on MII and one interesting topic that has come up is SQL injections. We have a possible solution, but before we invest time and effort creating this solution and testing it, we would like to know how anyone has addressed SQL injections in the past or if you know of anyone that has devised a solution? Also, we need to know how to insert a string into an Oracle database that contains a single quote. Part of the SQL injection will contain a single quote and we would like to capture this malicious code and insert it into our error log so our company has an idea of who tried to harm the mfg system.

Accepted Solutions (0)

Answers (1)


jamie_cawley
Advisor
0 Kudos

I'm sure you will find plenty of articles on the web regarding SQL injections, such as http://www.owasp.org/index.php/SQL_Injection_Prevention_Cheat_Sheet

Regarding the quote issue, I usually search for these and add an additional one to it to escape it. Not sure about Oracle, but this works for SQL Server.

str.replace(/'/g,"''");

Regards,

Jamie
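
An added example, not part of the original thread or of MII: it shows bind variables handling both needs raised in the question (a lookup that a quote cannot alter, and an error log that stores the quote-bearing input verbatim), next to the quote-doubling approach from the answer. Assumptions: in-memory SQLite stands in for the Oracle database, and the table names, column names and sample input are constructed for illustration.

```python
import sqlite3

# Constructed sample: a quote-bearing value of the kind the question wants logged.
SAMPLE_INPUT = "x' OR '1'='1"

def open_db():
    # Assumption: in-memory SQLite stands in for the Oracle schema; table
    # and column names here are hypothetical.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE operators (name TEXT)")
    conn.execute("CREATE TABLE error_log (id INTEGER PRIMARY KEY, source TEXT, payload TEXT)")
    conn.execute("INSERT INTO operators (name) VALUES ('alice')")
    return conn

def lookup_operator(conn, name):
    # Bind variable: the value travels separately from the SQL text, so a
    # quote inside it is data and cannot change the statement.
    rows = conn.execute("SELECT name FROM operators WHERE name = :name", {"name": name})
    return [r[0] for r in rows]

def log_with_binds(conn, source, payload):
    # Same mechanism for the error log: no escaping needed, stored verbatim.
    conn.execute("INSERT INTO error_log (source, payload) VALUES (:source, :payload)",
                 {"source": source, "payload": payload})

def escape_quotes(value):
    # The doubling approach from the answer, for cases where a literal must
    # be built as text. A doubled quote is also how a single quote is
    # written inside an Oracle string literal.
    return value.replace("'", "''")

def log_with_escaping(conn, source, payload):
    # Works only as long as every value is escaped at every call site.
    sql = "INSERT INTO error_log (source, payload) VALUES ('%s', '%s')" % (
        escape_quotes(source), escape_quotes(payload))
    conn.execute(sql)

def stored_payloads(conn):
    return [r[0] for r in conn.execute("SELECT payload FROM error_log ORDER BY id")]

if __name__ == "__main__":
    db = open_db()
    print(lookup_operator(db, "alice"), lookup_operator(db, SAMPLE_INPUT))
    log_with_binds(db, "login_form", SAMPLE_INPUT)
    log_with_escaping(db, "login_form", SAMPLE_INPUT)
    print(stored_payloads(db))
```

Both inserts store the same text, but only the bind-variable version stays correct when a caller forgets to escape a value.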