input validation for Console application

  • Thread starter: IlhaBaba
Getting the results from our security scan:

This input is used by the application, without being validated, to filter personal records
from sensitive database tables. Method ... submits a query to the database commandOut, at line 000 of
file.cs, without any additional filtering by the database. This could allow the user to choose different records based on the id.

where commandOut is a SqlCommand passing parameters to a stored procedure.

The issue is raised for the application run as a service under a domain account. Should it be a concern?


Thank you.
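
Added example, not part of the original post: the scan message is about the caller choosing which id reaches the stored procedure, which binding the value as a SqlCommand parameter does not by itself restrict. The C# below type-checks the id and compares it with the set of records the caller is entitled to read before the command is built; `dbo.GetPersonRecord`, `@Id`, `allowedIds` and the sample values are hypothetical, and `System.Data.SqlClient` is assumed as the provider.

```csharp
using System;
using System.Collections.Generic;
using System.Data;
using System.Data.SqlClient;
using System.Globalization;

static class RecordQuery
{
    // Accept only a plain positive integer: no sign, whitespace or separators.
    public static bool TryParseRecordId(string raw, out int id)
    {
        return int.TryParse(raw, NumberStyles.None, CultureInfo.InvariantCulture, out id)
               && id > 0;
    }

    // allowedIds (hypothetical) comes from the application's own authorization
    // data for the current caller, never from the input being validated.
    public static SqlCommand BuildCommand(string rawId, ISet<int> allowedIds)
    {
        if (!TryParseRecordId(rawId, out int id))
            throw new ArgumentException("Record id must be a positive integer.", nameof(rawId));
        if (!allowedIds.Contains(id))
            throw new UnauthorizedAccessException("Caller may not read record " + id + ".");

        // Hypothetical procedure and parameter names; the value is bound as a typed parameter.
        var cmd = new SqlCommand("dbo.GetPersonRecord") { CommandType = CommandType.StoredProcedure };
        cmd.Parameters.Add("@Id", SqlDbType.Int).Value = id;
        return cmd;
    }
}

static class Program
{
    static void Main()
    {
        var allowed = new HashSet<int> { 17, 42 };            // constructed sample data
        foreach (var raw in new[] { "42", "43", "abc", "-1" }) // constructed sample inputs
        {
            try
            {
                // No connection is opened here; only the command object is built.
                using (var cmd = RecordQuery.BuildCommand(raw, allowed))
                    Console.WriteLine($"{raw}: accepted, @Id={cmd.Parameters["@Id"].Value}");
            }
            catch (Exception ex) when (ex is ArgumentException || ex is UnauthorizedAccessException)
            {
                Console.WriteLine($"{raw}: rejected ({ex.GetType().Name})");
            }
        }
    }
}
```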
