SQL Injections

All queries to the PostgreSQL database go through the node-postgres module. Queries use battle-tested parameter substitution code.

Parameters are also checked against the workspace, which is loaded into the backend process memory. Requests with a parameter not found in the workspace result in a 406 response.
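How the two checks fit together, as an added example that is not the project's own code: the workspace shape and the names `buildQuery`, `quoteIdent` and `RequestError` are assumptions made for illustration. Table and column names cannot be bound as `$n` placeholders in PostgreSQL, so they are resolved through the workspace, while the user-supplied value is always bound.

```javascript
// Constructed workspace: layer keys mapped to the table and columns they may expose.
// The shape is an assumption for this example, not the project's schema.
const workspace = {
  layers: {
    retail_sites: { table: 'public.retail_sites', fields: ['id', 'name', 'postcode'] },
  },
};

// Small error type so an HTTP handler can map validation failures to a status code.
class RequestError extends Error {
  constructor(status, message) {
    super(message);
    this.status = status;
  }
}

// Double-quote each part of an identifier that was resolved from the workspace.
const quoteIdent = (name) =>
  name.split('.').map((part) => `"${part.replace(/"/g, '""')}"`).join('.');

// Build a node-postgres query config ({ text, values }) from request parameters.
// The result can be handed to client.query() or pool.query().
function buildQuery(params, ws = workspace) {
  // Own-property lookup only, so keys such as "__proto__" never resolve to a layer.
  const known = Object.prototype.hasOwnProperty.call(ws.layers, params.layer);
  if (!known) throw new RequestError(406, 'layer not found in workspace');

  const layer = ws.layers[params.layer];
  // The column must be one the workspace lists for this layer.
  if (!layer.fields.includes(params.field)) {
    throw new RequestError(406, 'field not found in workspace');
  }

  return {
    // Only workspace-derived identifiers are interpolated into the SQL text.
    text: `SELECT * FROM ${quoteIdent(layer.table)} WHERE ${quoteIdent(params.field)} = $1`,
    // The request value travels separately from the SQL text as a bound parameter.
    values: [String(params.value)],
  };
}
```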
