
Data Validation from External Web service

Shyam_k
Participant
0 Likes
294

Hi All,

We have a requirement wherein we pass some input parameters to an external web service from HANA (via XSJS Jobs) and then receive datasets post processing.

Now the client security team raised the concern of major vulnerabilities in (web) applications, such as cross site scripting, SQL injection, interpreter injection, locale/Unicode attacks, file system attacks, and buffer overflows.

The overall architecture of this process is illustrated below:

Now the question is, does HANA have any inbuilt validation mechanism to achieve this or is writing manual validation code the only option?

Let me know if you have any experience in this regard.

Thanks,

Shyam

thomas_jung
Developer Advocate
0 Likes

>does HANA have any inbuilt validation mechanism to achieve this

You're going to have to be more specific about what you mean by "achieve this". You listed many different security aspects and there is no one answer to that. For instance, SQL injection is largely protected against by using prepared statements. Still, this doesn't remove the responsibility to also do good input validation checks. CORS and XSRF checks are largely built into the underlying framework and can be configured via XSADMIN/XSACCESS.

I would suggest reviewing at least this section of the HANA Developers' Guide:

Server-Side JavaScript Security Considerations - SAP HANA Developer Guide for SAP HANA Studio - SAP ...
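
The two points in the answer above (prepared statements plus input validation), applied to a dataset coming back from the external service. This is an added example, not part of the original post and not SAP's code; the table, column and field names are assumptions, and `conn` is assumed to be an XSJS `$.db` connection.

```javascript
// Added example. Allow-list schema: one check per expected field (names are assumptions).
var SCHEMA = {
  id: function (v) { return typeof v === "number" && isFinite(v) && Math.floor(v) === v && v > 0; },
  name: function (v) { return typeof v === "string" && /^[A-Za-z0-9 .,'-]{1,80}$/.test(v); },
  currency: function (v) { return typeof v === "string" && /^[A-Z]{3}$/.test(v); }
};
var has = function (o, k) { return Object.prototype.hasOwnProperty.call(o, k); };

// Returns a list of problems; an empty list means the row is acceptable.
function validateRow(row) {
  var errors = [], key;
  if (row === null || typeof row !== "object" || Array.isArray(row)) { return ["row is not an object"]; }
  for (key in SCHEMA) {
    if (!has(row, key)) { errors.push("missing field: " + key); }
    else if (!SCHEMA[key](row[key])) { errors.push("invalid value for: " + key); }
  }
  for (key in row) {
    if (has(row, key) && !has(SCHEMA, key)) { errors.push("unexpected field: " + key); }
  }
  return errors;
}

// conn: e.g. $.db.getConnection() in XSJS. Values are bound, never concatenated into SQL.
function storeRows(conn, rows) {
  var result = { stored: 0, rejected: [] };
  var pstmt = conn.prepareStatement(
    'INSERT INTO "MYSCHEMA"."EXT_RESULTS" ("ID", "NAME", "CURRENCY") VALUES (?, ?, ?)');
  try {
    rows.forEach(function (row, i) {
      var errors = validateRow(row);
      if (errors.length > 0) { result.rejected.push({ index: i, errors: errors }); return; }
      pstmt.setInteger(1, row.id);
      pstmt.setString(2, row.name);
      pstmt.setString(3, row.currency);
      pstmt.executeUpdate();
      result.stored += 1;
    });
    conn.commit();
  } finally {
    pstmt.close();
  }
  return result;
}

// Constructed sample of an already-parsed service response (not real data).
var SAMPLE_ROWS = [
  { id: 1, name: "O'Brien Ltd", currency: "EUR" },
  { id: 2, name: "Acme<script>", currency: "EUR" },
  { id: "3", name: "Acme", currency: "usd", role: "admin" }
];
```

The first sample row contains a quote character and is still stored safely because it is bound as a parameter; the other two are rejected by the allow-list before they reach the database.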

Shyam_k
Participant
0 Likes

Hi Thomas,

Please excuse my ignorance on this subject as these security mechanisms aren't something I fully comprehend at this point. Your links have provided a good starting point for me to go on.

Thanks for the help.

Cheers,

Shyam

Shyam_k
Participant
0 Likes

Hi Thomas,

Can you please have a look at my question at:

I need a small confirmation on this topic.

Thanks,

Shyam