• Article for your preferred language does not exist. Below is international version of the article.

Article ID: 8468, created on Apr 21, 2010, last review on Apr 25, 2014

  • Applies to:
  • Operations Automation 5.4
  • Operations Automation 5.3
  • Operations Automation 5.2
  • Operations Automation 5.1
  • Operations Automation 5.0
  • Operations Automation 2.9
  • Operations Automation 2.8
  • Operations Automation 2.7
  • Operations Automation 2.6


How does the POA/PBA platform protect against malicious data input, for example SQL injection attacks?
POA uses parameterized SQL queries, so SQL injection is not possible.

Is form-based validation used across POA?
Yes, data from forms is validated on control panel level and on business logic level.

How does POA detect corruption of information (created by processing errors or deliberate attacks)?
No general corruption detection mechanism. There are some mechanisms for specific cases, e.g. there is a periodic task that detects Exchange mailboxes with broken GAL filters (they may be broken due to manual modifications of mailboxes configured by HMC) and fixes them.

Is there separation between functions that add, modify & delete data?
Yes, these are separate functions.

Is password data encrypted in the POA database? If so, what strength?
POA stores passwords encrypted (symmetric cipher, Blowfish, 224-bit key).

790a5ccf065b0b25aa71bd7d87404381 5356b422f65bdad1c3e9edca5d74a1ae 0c262e25de71ebe1ac525040493d11d0 c27596ac4fff6cb4c8ec8891dae57001 1daac7478dc3e43f59cdce868c0fea76 37e602325b9e080e0d137546b764143c 80fcf07a72a3fc2739554dff85ce8fe7 2554725ed606193dd9bbce21365bed4e caea8340e2d186a540518d08602aa065 c2898cda1192c88ccc616ade5f670bd6 ac82ce33439a9c1feec4ff4f2f638899 a8cdca46e4357a6e38fded820770e272 25ba5a02b9d70d4212e34c355e881968 e12cea1d47a3125d335d68e6d4e15e07

Email subscription for changes to this article
Save as PDF