4.2.13.3 Information Flow Enforcement
This topic describes information flow enforcement.
Information flows from the GUI to the application server in the form of request XMLs. Validations are in place for these request XMLs: malicious data entries found in the body of the XML are filtered out and excluded from further processing. Frontend Java classes call the backend PL/SQL packages for further processing. Thus, PL/SQL-level validations are in place on the database server. Data is sanitized through the exclusive use of bind variables and calls to Oracle's DBMS_ASSERT package.
All request URLs are properly sanitized and responses are encoded to avoid script injection.
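The following added example (not code from the product) shows how bind variables and DBMS_ASSERT divide the work in dynamic SQL: data values are bound, while identifiers, which cannot be bound, are checked before concatenation. The function name, parameter names, and the `user_id` column are hypothetical.

```plsql
-- Added example, not product code. Hypothetical names: count_rows_for_user,
-- p_table_name, p_user_id, and the USER_ID column of the target table.
CREATE OR REPLACE FUNCTION count_rows_for_user (
  p_table_name IN VARCHAR2,   -- identifier: cannot be passed as a bind variable
  p_user_id    IN VARCHAR2    -- data value: always passed as a bind variable
) RETURN NUMBER
IS
  l_table VARCHAR2(261);
  l_count NUMBER;
BEGIN
  -- Raises ORA-44003 unless the input is one simple SQL identifier
  -- (no spaces, operators, comments, or statement separators).
  l_table := DBMS_ASSERT.SIMPLE_SQL_NAME(p_table_name);

  -- Raises ORA-44002 unless the name resolves to an existing object
  -- visible to the current schema.
  l_table := DBMS_ASSERT.SQL_OBJECT_NAME(l_table);

  -- Only the validated identifier is concatenated. The user-supplied value
  -- travels through the USING clause, so whatever characters it contains
  -- it is compared as data and never parsed as SQL text.
  EXECUTE IMMEDIATE
    'SELECT COUNT(*) FROM ' || l_table || ' WHERE user_id = :b_user_id'
    INTO l_count
    USING p_user_id;

  RETURN l_count;
EXCEPTION
  WHEN DBMS_ASSERT.INVALID_SQL_NAME OR DBMS_ASSERT.INVALID_OBJECT_NAME THEN
    -- Fail closed with a generic message; do not echo the rejected input.
    RAISE_APPLICATION_ERROR(-20001, 'Rejected table name');
END count_rows_for_user;
/
```

Where the set of permitted tables is known in advance, comparing the validated name against a fixed allowlist narrows the function further.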