Sql injection etc


I’m just starting with API’s / Dreamfactory and hope this is not a dumb question… But I was wondering whether - security wise - everything is taken care of by DF.

For instance: if I create a PHP-app where an authorised user can post a new record into a database with a form, do I still have to take care of sanitizing the $_POST input? Or does DF take care of all that?

Thanks & regards,


Yes DF deconstructs all requests and make the necessary checks on each query filter before executing the requests. However, it is always a good practice to sanitise all user inputs before sending it over the wire.

check out this doc for more on DF security https://staticassets.dreamfactory.com/whitepapers/DreamFactory_Security_V2.pdf

1 Like