Forum Discussion

Advisor

4 years ago

Security risk? Our search bar is being tested periodically for vulnerabilities

Hi All, Not sure if this is in the right board, however here I think most tech sevvy members will see this post here fasted. In our Community Analytics board we see that on weekends our search func...

Notmark-VFZ

Mentor

4 years ago

FYI, we've also raised this question to Khoros directly and have received a comforting response:

"We can confidently confirm that the mentioned query, although looks like SQL, is actually a Khoros(Lithium) specific language - LiQL which is well protected against most of common attacks like SQL injections.

You can share a couple of articles to anyone who would want to understand the same with below links:
1. https://community.khoros.com/t5/Community-FAQ-s-from-Support/Is-LiQL-vulnerable-to-SQL-injection-attacks/ta-p/281334

2. https://community.khoros.com/t5/Developer-Discussion/LiQL-injection-attacks-and-quotes-in-Rest-API-2-0/m-p/231920"

Forum Discussion

Security risk? Our search bar is being tested periodically for vulnerabilities

Related Content

API for board information per time period

GDPR “soft-delete” period for Aurora

Re: Manage security settings for your account

About Aurora Security Assertion Markup Language (SAML) Single Sign-On (SSO)

Introducing AWS Bot Control: Enhanced Security for Khoros Communities

Recent Discussions

Join node/group 301 API error

liqlAdmin in khoros aurora graphql API

How do I get the article ID in Freemarker in a TkbArticle?

How to retrieve "Internal reason for ban" field

Tips on keeping stage and prod in alignment?