Protection against SQL injection

XMLWordPrintable

    • Type: Suggestion
    • Resolution: Won't Fix
    • None
    • Component/s: None
    • None

      Dear Ladies and Gentlemen,

       

      I am an employee of Dataport from Altenholz, Germany.

      My company is an IT service provider and uses your JIRA software.

       

      Currently we are doing a safety appraisal of our running systems and we have the following questions regarding to your software:

        

      Protection against SQL injection:

      Are entries and parameters carefully checked and filtered by the application before forwarding to the database system?

       

      Are stored procedures or prepared SQL statements used?

       

      Is it ensured that no error messages are issued to the outside. What allows drawing a conclusion on the system used or on the structure of the database behind it.

       

      Thank you for your efforts.

       

      Best regards

       

      Peter Vogelsang

      Consultant Software Engineering

            Assignee:
            Unassigned
            Reporter:
            Dataport Lizenzmanagement
            Votes:
            0 Vote for this issue
            Watchers:
            5 Start watching this issue

              Created:
              Updated:
              Resolved: