How does the application contemplate common security exposures such as cross-site scripting and SQL injection?
Skyway applications are generated as standard J2EE applications that use .jsp pages reflecting the design intentions of the Skyway Developer. The Skyway Web Layer creates only the variable references that were designed to be available on a given page or in a given context, and it prevents access to or modification of variables that were not scoped to be modified by that page. The database access code that Skyway generates does not allow nested SQL scripts to be injected through form fields, for example. The platform does, however, give developers the option of writing their own SQL, in which case the responsibility for protecting that SQL string belongs to the Skyway Developer. Skyway does not eliminate the need to protect your applications from cross-site scripting attacks, and safeguards built into the browser and web server layers are respected.