Oracle ATG Web Commerce includes a component, /atg/dynamo/servlet/dafpipeline/SecurityServlet, that monitors query parameters and stops processes if they appear suspicious. The SecurityServlet component uses the /atg/dynamo/servlet/security/ParameterValidator component to check query parameters.

The SecurityServlet component is enabled by default. You can disable it by removing /atg/dynamo/servlet/dafpipeline/SecurityServlet from the insertableServlets property of the /atg/dynamo/servlet/dafpipeline/DynamoHandler/ component.