Sql injection etc

Erik · November 22, 2018, 10:36pm

Hi,

I’m just starting with API’s / Dreamfactory and hope this is not a dumb question… But I was wondering whether - security wise - everything is taken care of by DF.

For instance: if I create a PHP-app where an authorised user can post a new record into a database with a form, do I still have to take care of sanitizing the $_POST input? Or does DF take care of all that?

Thanks & regards,

Erik

kawisoft · March 6, 2019, 10:53pm

Yes DF deconstructs all requests and make the necessary checks on each query filter before executing the requests. However, it is always a good practice to sanitise all user inputs before sending it over the wire.

check out this doc for more on DF security https://staticassets.dreamfactory.com/whitepapers/DreamFactory_Security_V2.pdf

Topic		Replies	Views
Securing Dreamfactory and Database question	2	1152	March 6, 2019
DF for SaaS backend Users & Roles	2	2301	September 7, 2014
Whitelisting an IP or domain to bypass need for authorisation Authentication & Security	8	2707	March 31, 2016
Is DF website Hacked?	3	1640	April 28, 2018
Problem with login to admin console and events Authentication & Security	1	1211	December 6, 2019

Sql injection etc

Related topics