XYZ - Developer Guide
  • Introduction
  • Licence
  • Deploying
    • Local Deployments
  • Access
    • Access Control List (ACL)
    • User account registration
    • Password reset
    • Failed login attempts
  • Environment Settings
    • Hosting
    • Access Control
    • Workspace Connections
    • 3rd party API keys
  • Workspaces
    • Title
    • Documentation
    • Locate
    • Locales
      • Gazetteer
    • Layers
      • Tile Layer
      • PostGIS Data Layers
      • Cluster Layer
      • GeoJSON Layer
      • MapBox Vector Tile (MVT) Layer
      • Grid (Hex) Layer
      • Filter
    • Locations
      • infoj
        • Groups
        • Filter
        • Lookups
        • withSelect
        • Table definition
        • Ordered list
        • Geometry
    • Editing
    • Access Restrictions & Filter
    • Workspace Checks
  • Routes
    • / (root)
    • /proxy/request
    • /api
      • /gazetteer
        • /autocomplete
        • /googleplaces
      • /layer
        • /cluster
        • /extent
        • /geojson
        • /grid
        • /mvt/:z/:x/:y
      • /location
        • /edit
          • /delete
          • /image/delete
          • /image/upload
          • /draw
          • /draw/catchment
          • /catchment/create
          • /catchment/delete
          • /update
        • /select
          • /id
          • /cluster
          • /latlng/contains
          • /latlng/nnearest
          • /latlng/intersects
          • /aggregate
        • /field/range
    • /auth
      • /login
      • /register
      • /token
        • /api
        • /renew
      • /user
        • /admin
        • /verify
        • /approve
        • /update
        • /delete
    • /workspace
      • /get
      • /load
      • /admin
      • /admin/json
  • Infrastructure
    • _xyz
      • host
      • layer
      • location
      • mapview
      • tableview
    • Dependencies
      • Webpack
      • SASS
    • Testing
    • Security
      • JWT token
      • Strategy
      • SQL Injections
    • Server
    • Client
Powered by GitBook
On this page
  1. Infrastructure
  2. Security

SQL Injections

All queries to the PostgreSQL database are parsed through the node-postgres module. Queries use a battle-tested parameter substitution code.

Parameter are also checked against the workspace which is loaded into the backend process memory. Requests with parameter not found in the workspace result in a 406 response.

PreviousStrategyNextServer

Last updated 6 years ago