Article ID: 8468, created on Apr 21, 2010, last review on Apr 25, 2014

  • Applies to:
  • Operations Automation 5.4
  • Operations Automation 5.3
  • Operations Automation 5.2
  • Operations Automation 5.1
  • Operations Automation 5.0
  • Operations Automation 2.9
  • Operations Automation 2.8
  • Operations Automation 2.7
  • Operations Automation 2.6

FAQ

Q:
How does the POA/PBA platform protect against malicious data input, for example SQL injection attacks?
A:
POA uses parameterized SQL queries, so SQL injection is not possible.

Q:
Is form-based validation used across POA?
A:
Yes, data from forms is validated on control panel level and on business logic level.

Q:
How does POA detect corruption of information (created by processing errors or deliberate attacks)?
A:
No general corruption detection mechanism. There are some mechanisms for specific cases, e.g. there is a periodic task that detects Exchange mailboxes with broken GAL filters (they may be broken due to manual modifications of mailboxes configured by HMC) and fixes them.

Q:
Is there separation between functions that add, modify & delete data?
A:
Yes, these are separate functions.

Q:
Is password data encrypted in the POA database? If so, what strength?
A:
POA stores passwords encrypted (symmetric cipher, Blowfish, 224-bit key).

790a5ccf065b0b25aa71bd7d87404381 5356b422f65bdad1c3e9edca5d74a1ae 0c262e25de71ebe1ac525040493d11d0 c27596ac4fff6cb4c8ec8891dae57001 1daac7478dc3e43f59cdce868c0fea76 37e602325b9e080e0d137546b764143c 80fcf07a72a3fc2739554dff85ce8fe7 2554725ed606193dd9bbce21365bed4e caea8340e2d186a540518d08602aa065 c2898cda1192c88ccc616ade5f670bd6 ac82ce33439a9c1feec4ff4f2f638899 a8cdca46e4357a6e38fded820770e272 25ba5a02b9d70d4212e34c355e881968 e12cea1d47a3125d335d68e6d4e15e07

Email subscription for changes to this article
Save as PDF