SQL Injection prevention with CA SSO

Document ID : KB000010724
Last Modified Date : 14/02/2018
Introduction:

How to configure CA SSO to protect against SQL injection attacks

Background:

A SQL injection attack consists of the insertion, or "injection", of SQL into a query via the input data sent from the client to the application. A successful SQL injection exploit can read sensitive data from the database, modify database data (Insert/Update/Delete), execute administrative operations on the database (such as shutting down the DBMS), recover the content of a given file present on the DBMS file system and, in some cases, issue commands to the operating system. SQL injection attacks are a type of injection attack, in which SQL commands are injected into data-plane input in order to alter the execution of predefined SQL commands.

Environment:
Policy Server: r12.5 and above
Instructions:

SiteMinder protects its own Audit, User and Session Store data against SQL injection.
SiteMinder does not protect the application data that customers hold in their own application databases against SQL injection; that protection has to be implemented in the application itself.

There is no known SQL injection vulnerability in SiteMinder code.
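The following added example (not part of this document or of CA SSO) illustrates the application-side responsibility described above: an application behind the SSO agent takes a user identifier from the request and queries its own order table. The table, its rows and the crafted input are constructed for the demonstration; the vulnerable query concatenates the identifier into SQL, while the hardened query binds it as a parameter so the database never parses it as SQL.

```python
import sqlite3


def make_db():
    # Constructed in-memory application database (not a SiteMinder store).
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE orders (id INTEGER, owner TEXT, total REAL)")
    conn.executemany(
        "INSERT INTO orders VALUES (?, ?, ?)",
        [(1, "alice", 19.99), (2, "bob", 250.00), (3, "carol", 7.50)],
    )
    conn.commit()
    return conn


def orders_for_user_vulnerable(conn, user):
    # String concatenation: the identifier becomes part of the SQL text,
    # so quote characters in it change the meaning of the WHERE clause.
    sql = "SELECT id FROM orders WHERE owner = '" + user + "'"
    return [row[0] for row in conn.execute(sql)]


def orders_for_user_safe(conn, user):
    # Parameterized query: the identifier is bound as a value and is
    # compared literally, whatever characters it contains.
    sql = "SELECT id FROM orders WHERE owner = ?"
    return [row[0] for row in conn.execute(sql, (user,))]


def demo():
    conn = make_db()
    normal = "alice"
    crafted = "x' OR '1'='1"  # constructed input containing SQL syntax
    return {
        "vulnerable_normal": orders_for_user_vulnerable(conn, normal),
        "vulnerable_crafted": orders_for_user_vulnerable(conn, crafted),
        "safe_normal": orders_for_user_safe(conn, normal),
        "safe_crafted": orders_for_user_safe(conn, crafted),
    }


if __name__ == "__main__":
    for name, rows in demo().items():
        print(name, rows)
```

With the crafted value the concatenated query returns every order in the table, while the parameterized query returns nothing because no owner is literally named `x' OR '1'='1`.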