"SQL Injection" in Domino?

Hi!

Is it possible to do anything like “SQL Injection” in a Domino application?

Subject: “SQL Injection” in Domino?

That depends on how badly an application has been developed.

SQL injection can occur because the developer has been lazy/sloppy. You should never accept user data from the web and execute it. That's how SQL injection works.

On the Domino side of things, you could compare it with taking @Formula entered on the web and executing it in the back end. I would say that it is unlikely, but not impossible.

Another problem that was hitting the Domino blogosphere a while back is JavaScript injection, where user-entered data is displayed on web pages without verification/cleaning.

To conclude: Never allow user-entered data to be executed or displayed without verifying that the data is correct and allowed.

/Peter

Subject: “SQL Injection” in Domino?

It is not uncommon for a Domino/Notes app to query external relational DBs via ODBC or ADO. So sure, if you do not scrub your data properly, you could run into security issues.
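As an added example (not code from either reply above), the following shows the two points both answers make: why splicing user-entered text into a query sent to an external relational database is dangerous, and what "verifying that the data is correct and allowed" plus a parameterized query look like. It is written in Python against an in-memory SQLite table, which stands in for the external database a Domino application would reach over ODBC/ADO; the `staff` table and its rows are constructed sample data.

```python
import re
import sqlite3

# Constructed sample data standing in for the external relational database
# that a Domino/Notes application might query over ODBC or ADO.
ROWS = [("alice", "accounting"), ("bob", "sales"), ("carol", "it")]

# Allowlist for a user-entered login name: only the characters a real name
# in this (hypothetical) directory may contain. Anything else is rejected
# before it gets anywhere near the database.
NAME_RE = re.compile(r"^[A-Za-z][A-Za-z0-9_.-]{0,63}$")


def is_allowed(name):
    return bool(NAME_RE.match(name))


def make_db():
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE staff (name TEXT, dept TEXT)")
    con.executemany("INSERT INTO staff VALUES (?, ?)", ROWS)
    return con


def lookup_unsafe(con, name):
    # Vulnerable pattern: the web input becomes part of the SQL text, so the
    # database parses and executes whatever the user typed.
    sql = "SELECT dept FROM staff WHERE name = '" + name + "'"
    return [r[0] for r in con.execute(sql)]


def lookup_safe(con, name):
    # Hardened pattern: the query shape is fixed and the value travels as a
    # bound parameter, so the input is only ever compared as data.
    sql = "SELECT dept FROM staff WHERE name = ?"
    return [r[0] for r in con.execute(sql, (name,))]


def demo():
    con = make_db()
    normal = "bob"
    tampered = "x' OR '1'='1"  # constructed input that rewrites the WHERE clause
    return {
        "unsafe_normal": lookup_unsafe(con, normal),
        "unsafe_tampered": lookup_unsafe(con, tampered),   # every row leaks
        "safe_normal": lookup_safe(con, normal),
        "safe_tampered": lookup_safe(con, tampered),       # no match, as it should be
        "tampered_allowed": is_allowed(tampered),          # rejected by the allowlist
    }
```

In a real Domino agent the same split applies: validate the field value against what it is allowed to contain, and let the ODBC/ADO driver bind it rather than building the SQL string yourself.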