Does Telerik protect against SQL injection attacks?

Adil asked on 29 Dec 2022, 08:55 AM

Hi All,

I'm using the Telerik UI for ASP.NET MVC R1 2021 licensed version, and when customers do some security testing, it looks like some of the Telerik instance code can create an SQL injection possibility. Is it possible? Does Telerik protect against SQL injection attacks?

One usage example is given below:


        public ActionResult GridTransactionBinding([DataSourceRequest]DataSourceRequest request)
        {
            if (Session["Username"] == null) { return View("404"); }
            if (GetUserFleetId() != 0)
            {
                Load = GetLoadAmount();
            }

            return Json(Load.ToDataSourceResult(request), JsonRequestBehavior.AllowGet);
        }

 

Thanks


Georgi
Telerik team
answered on 02 Jan 2023, 01:43 PM

Hello Adil,

Our collection extensions provide an API that simplifies server operations by generating LINQ expressions based on the queries submitted by the client. When using IQueryable, these expressions are translated by the ORM to SQL queries and submitted to the database. In other words, the ORM is responsible for creating SQL injection-proof SQL queries, not our extensions.

Generally speaking, LINQ to Entities queries are not composed by using string manipulation or concatenation, and they are not susceptible to traditional SQL injection attacks.

So it is safe to say that our API cannot cause any SQL injection breaches.

Regards,
Georgi
Progress Telerik
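The following controller illustrates the point made in the answer above. It is an added example, not code from the original post and not Telerik's own code. It assumes Entity Framework 6 as the ORM, and the `Load` entity, `FleetDbContext`, `GetUserFleetId()` and the three action names are hypothetical. The first action shows the safe path the answer describes (grid request applied to an `IQueryable<T>`, so the ORM parameterizes every filter value); the other two show, side by side, the only place in such a controller where injectable SQL can actually arise, which is application code building a raw query by string concatenation, and its parameterized equivalent.

```csharp
using System.Data.Entity;                 // Entity Framework 6 (assumed ORM for this example)
using System.Linq;
using System.Web.Mvc;
using Kendo.Mvc.Extensions;               // ToDataSourceResult
using Kendo.Mvc.UI;                       // DataSourceRequest, [DataSourceRequest]

// Hypothetical entity and DbContext, constructed for this example.
public class Load
{
    public int Id { get; set; }
    public int FleetId { get; set; }
    public string Reference { get; set; }
    public decimal Amount { get; set; }
}

public class FleetDbContext : DbContext
{
    public DbSet<Load> Loads { get; set; }
}

public class TransactionsController : Controller
{
    private readonly FleetDbContext db = new FleetDbContext();

    // Safe path: the grid request is applied to an IQueryable<Load>. A filter the browser
    // sends as  filter=Reference~contains~"O'Brien"  becomes the LINQ expression
    // l => l.Reference.Contains("O'Brien"), and EF emits
    //   WHERE [Reference] LIKE @p__linq__0
    // with the text bound as a parameter value, never spliced into the SQL string.
    public ActionResult GridTransactionBinding([DataSourceRequest] DataSourceRequest request)
    {
        if (Session["Username"] == null) { return View("404"); }

        int fleetId = GetUserFleetId();   // assumed helper, as in the original post
        IQueryable<Load> loads = db.Loads.Where(l => l.FleetId == fleetId);

        // Development-time check: EF6 returns the SQL it will execute from ToString();
        // grid filter and sort values show up only as parameter placeholders.
        System.Diagnostics.Debug.WriteLine(loads.ToString());

        return Json(loads.ToDataSourceResult(request), JsonRequestBehavior.AllowGet);
    }

    // The pattern that does produce injectable SQL lives outside the Telerik extensions:
    // raw SQL assembled by concatenation before the grid ever sees the data.
    public ActionResult GridTransactionBindingRawUnsafe([DataSourceRequest] DataSourceRequest request, string reference)
    {
        // Vulnerable: 'reference' is pasted into the SQL text, so a quote character in it
        // changes the statement instead of being compared as data.
        var loads = db.Database.SqlQuery<Load>(
            "SELECT * FROM Loads WHERE Reference = '" + reference + "'").ToList();
        return Json(loads.ToDataSourceResult(request), JsonRequestBehavior.AllowGet);
    }

    // Hardened equivalent: EF6 binds @p0 as a SQL parameter, so the value stays data.
    public ActionResult GridTransactionBindingRawSafe([DataSourceRequest] DataSourceRequest request, string reference)
    {
        var loads = db.Database.SqlQuery<Load>(
            "SELECT * FROM Loads WHERE Reference = @p0", reference).ToList();
        return Json(loads.ToDataSourceResult(request), JsonRequestBehavior.AllowGet);
    }

    private int GetUserFleetId()
    {
        // Assumed: the fleet id is stored in the session at login.
        return Session["FleetId"] is int id ? id : 0;
    }

    protected override void Dispose(bool disposing)
    {
        if (disposing) { db.Dispose(); }
        base.Dispose(disposing);
    }
}
```

When reviewing a finding like the one in the question, the thing to check is therefore the data source handed to `ToDataSourceResult`: if it is an `IQueryable<T>` from the ORM, or an already materialized list, the grid's filter, sort and page values can only reach the database as parameters; only raw SQL built by the application, as in the unsafe action above, needs to be fixed.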
