Encrypting workflow requests
Hi,
We have been developing maps using Geocortex Essentials for a number of years now on a client environment that has 2 Web Application Firewalls.
We are constantly having to add rules to the firewall for URLs with query strings attached that have special characters that the WAF detects as SQL injection. e.g. %, ' characters
We feel it would be useful if Essentials had a built in function to encrypt or encode(base64?) the query strings coming form the viewer and then decrpyt it on the internal server before the workflow processes it.
This change would mean we would no longer have to check for WAF exceptions every release and we would no longer be maintaining a large library of exemptions.
This would be a big improvement for us and I believe others with similar setups would also benefit.
Thanks,
Glenn
We have been developing maps using Geocortex Essentials for a number of years now on a client environment that has 2 Web Application Firewalls.
We are constantly having to add rules to the firewall for URLs with query strings attached that have special characters that the WAF detects as SQL injection. e.g. %, ' characters
We feel it would be useful if Essentials had a built in function to encrypt or encode(base64?) the query strings coming form the viewer and then decrpyt it on the internal server before the workflow processes it.
This change would mean we would no longer have to check for WAF exceptions every release and we would no longer be maintaining a large library of exemptions.
This would be a big improvement for us and I believe others with similar setups would also benefit.
Thanks,
Glenn
2
Please sign in to leave a comment.
Comments
0 comments