Question

Balamurali Krishnan (BalamuraliKrishnan)
Accenture

Posted: October 5, 2020
Last activity: October 30, 2020

SQL Injection

https://community.pega.com/sites/default/files/help_v731/security/best-practices/sec-security-guidelines-custom-HTML-ref.htm

>> Replace dynamic SQL statements with prepared statements that have parameterized queries to prevent possible SQL injection. <<

Can someone help me understand: to avoid SQL injection, we should not use dynamic SQL statements which are parameterized to use user input. Am I right?

If my Connect SQL does not have parameterized queries of user input, is it safe to use? Or should we always prefer to use Obj methods?

Pega Platform Security
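The distinction in the quoted guideline, shown as an added example that is not part of the original post or of Pega's documentation: the same lookup written as dynamic SQL (input concatenated into the statement text), as a prepared statement with a bound parameter, and as a fixed query that takes no input. It uses Python's built-in `sqlite3` as a stand-in database; the table, rows and function names are constructed for illustration.

```python
import sqlite3


def make_db():
    """Build an in-memory table with constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute(
        "CREATE TABLE customers (id INTEGER PRIMARY KEY, name TEXT, owner TEXT)"
    )
    db.executemany(
        "INSERT INTO customers (name, owner) VALUES (?, ?)",
        [("Acme", "alice"), ("Globex", "bob"), ("Initech", "carol")],
    )
    return db


def find_dynamic(db, owner):
    """Dynamic SQL: the input is pasted into the statement text, so the
    database parses it as part of the query itself."""
    sql = "SELECT name FROM customers WHERE owner = '" + owner + "' ORDER BY id"
    return [row[0] for row in db.execute(sql)]


def find_prepared(db, owner):
    """Prepared statement: the text is fixed and the input is bound to the
    ? placeholder, so it is only ever compared as a value."""
    sql = "SELECT name FROM customers WHERE owner = ? ORDER BY id"
    return [row[0] for row in db.execute(sql, (owner,))]


def find_static(db):
    """Fixed query with no caller-supplied text: there is no input that
    could alter the statement."""
    return [row[0] for row in db.execute("SELECT name FROM customers ORDER BY id")]


if __name__ == "__main__":
    db = make_db()
    crafted = "x' OR '1'='1"  # constructed input containing a quote character
    for label, value in (("normal ", "alice"), ("crafted", crafted)):
        print(label, "dynamic :", find_dynamic(db, value))
        print(label, "prepared:", find_prepared(db, value))
    print("static          :", find_static(db))
```

With ordinary input both forms return the same row; with the crafted input the dynamic form returns every row because the quote changes the WHERE clause, while the prepared form returns nothing because no owner has that literal value.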