This website uses cookies. By continuing to browse or login to this website, you consent to the use of cookies. Learn more.
OK
purushothaman1
Absent Member.
Absent Member.
‎2017-04-27 13:04
7029 views

how to fix the Access control database issue

we have incorporated the recommended solutions in the application , but still in the scan reporting the issue

0 Likes
Reply
Report Inappropriate Content
1 Reply
Jaime Rojas
Commodore
Commodore
‎2017-04-28 18:36

Hi ​,

One way is use some type of indirection to avoid users manipulate directly the value of ID´s fields. For example, instead of this:

String idField = request.getParameter("idField");

BuildQuery(idField);

Try to implement something like this:

String fakeId = request.getParameter("idField");

String realId = decodeFakeId(fakeId);

BuildQuery(realId);

Where decodeFakeId(...) looks for the fakeId as akey in a dictionary, ArayList or something lie that and returns the linked value.

Hope this be useful.

Regards.

Jaime

0 Likes
Reply
Report Inappropriate Content
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.