Input validation for Console application

  • Question

  • Getting the results from our security scan:

    This input is used by the application, without being validated, to filter personal records
    from sensitive database tables. Method ... submits a query to the database commandOut, at line 000 of
    file.cs, without any additional filtering by the database. This could allow the user to choose different records based on the id.

    where commandOut is a SQLCommand passing parameters to a stored procedure.

    The issue is raised for the application run as a service under a domain account. Should it be a concern?

    Thank you.

    Thursday, October 3, 2019 4:17 PM
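
An added example, not the poster's code: one way to validate the id and confirm the caller is entitled to that record before the SqlCommand is handed to the stored procedure, which is the gap the scan message describes. The procedure name, the parameter name and the allowed-id set are assumptions, since the thread gives none of them.

```csharp
using System;
using System.Collections.Generic;
using System.Data;
using System.Data.SqlClient;
using System.Globalization;

static class RecordLookup
{
    // Hypothetical stored procedure name; the thread does not give the real one.
    const string ProcName = "dbo.GetPersonRecord";

    // Validates the raw id, then checks it against the ids this caller may read.
    // Returns null (with a reason) instead of a command when either check fails.
    public static SqlCommand BuildCommand(string rawId, ISet<int> allowedIds, out string reason)
    {
        // NumberStyles.None accepts digits only: no sign, whitespace or separators.
        if (!int.TryParse(rawId, NumberStyles.None, CultureInfo.InvariantCulture, out int id) || id <= 0)
        {
            reason = "id is not a positive integer";
            return null;
        }
        // Syntactic validity is not enough: the id must belong to the caller's records.
        if (!allowedIds.Contains(id))
        {
            reason = "caller is not entitled to record " + id;
            return null;
        }
        var cmd = new SqlCommand(ProcName) { CommandType = CommandType.StoredProcedure };
        cmd.Parameters.Add("@PersonId", SqlDbType.Int).Value = id; // hypothetical parameter name
        reason = null;
        return cmd;
    }

    static void Main()
    {
        // Constructed sample: a real service would load this set from the caller's entitlements.
        var allowed = new HashSet<int> { 1001, 1002 };
        foreach (var raw in new[] { "1001", "2000", "12abc", "-5" })
        {
            using (var cmd = BuildCommand(raw, allowed, out string reason))
            {
                Console.WriteLine(cmd != null
                    ? $"{raw}: run {cmd.CommandText} with @PersonId={cmd.Parameters["@PersonId"].Value}"
                    : $"{raw}: rejected ({reason})");
            }
        }
    }
}
```

No connection is opened here, so the block runs without a database; the same entitlement check can also be enforced inside the stored procedure itself.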

All replies

  • Hi IlhaBaba,

    Thank you for posting here.

    I am not sure what you are doing now. Could you provide the related code about it?

    Also, I want to know if it is related to a database.

    We are waiting for your update.

    Best Regards,

    Jack


    MSDN Community Support

    Monday, October 7, 2019 5:39 AM
    Moderator
  • Post the code it is complaining about.

    Michael Taylor http://www.michaeltaylorp3.net

    Monday, October 7, 2019 1:51 PM
    Moderator