Abstract |
Methods and systems for use in validating input data in a computing system. Input data associated with a destination software application, such as a database, is received at a computing system. The input data is forwarded to an intermediate software application, such as a web application. When the input includes one or more patterns, a query produced by the intermediate software application based on the input data is validated, such as by comparing the structure of the query to one or more expected query structures. If the validation succeeds, the query is forwarded to the destination software application. Otherwise, the query is discarded. |
Independent claim |
1. A method for validating input data in a computing system, said method comprising:
receiving, at a validation computing system, at least one input string from a client computing device;
performing, by the validation computing system, a first validation step, wherein the first validation step includes comparing the at least one input string to a plurality of predetermined patterns;
forwarding, by the validation computing system, the at least one input string to an application server, wherein the application server is configured to populate a query based on the at least one input string, the query associated with a database;
receiving, by the validation computing system, the query from the application server;
sending, by the validation computing system when the first validation step identifies that the at least one input string is valid, the query to the database for execution and returning a result of the executed query to the client computing device;
performing, by the validation computing system when the first validation step identifies that the at least one input string is invalid, a second validation step, wherein the second validation step includes analyzing a structure of the query;
sending, by the validation computing system when the second validation step identifies that the query is valid, the query to the database for execution and returning the result of the executed query to the client computing device; and
discarding, by the validation computing system, the query when the second validation step identifies that the query is invalid. |
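
The two validation steps of claim 1, as an added sketch that is not taken from the patent: an input that matches a pattern is not rejected outright; instead the query the application built from it is reduced to its structure and compared with the expected structure. The pattern list, the `build_query` stand-in for the application server, the table and column names, and the sample inputs are all assumptions constructed for illustration.

```python
import re

# Assumed step-1 patterns; the claim does not enumerate the predetermined patterns.
SUSPICIOUS = [re.compile(p, re.I) for p in
              (r"'", r"--", r";", r"\b(?:or|and|union|select)\b")]

# Minimal SQL tokenizer: string literals, numbers, words, then any other symbol.
TOKEN = re.compile(r"""(?P<str>'(?:[^']|'')*')
                     | (?P<num>\b\d+(?:\.\d+)?\b)
                     | (?P<word>[A-Za-z_]\w*)
                     | (?P<op>\S)""", re.X)

def skeleton(query):
    """Reduce a query to its structure: literals become '?', words are upper-cased."""
    out = []
    for m in TOKEN.finditer(query):
        if m.lastgroup in ("str", "num"):
            out.append("?")
        elif m.lastgroup == "word":
            out.append(m.group().upper())
        else:
            out.append(m.group())
    return " ".join(out)

def build_query(name):
    """Hypothetical application server: populates the query by concatenation."""
    return "SELECT id, email FROM users WHERE name = '" + name + "'"

# Expected structure, learned here from one known-benign input (an assumption).
EXPECTED = {skeleton(build_query("x"))}

def validate(input_string, query):
    """Return 'forward' (send query to the database) or 'discard'."""
    # First validation step: compare the input string to the patterns.
    if not any(p.search(input_string) for p in SUSPICIOUS):
        return "forward"
    # Second validation step: analyze the structure of the produced query.
    return "forward" if skeleton(query) in EXPECTED else "discard"

if __name__ == "__main__":
    # Constructed sample inputs: plain, quoted-but-benign, and structure-changing.
    for s in ("alice", "O''Brien", "x' OR '1'='1"):
        print(repr(s), "->", validate(s, build_query(s)))
```

The second input shows why the claim has two steps: the escaped quote trips a pattern, but the query keeps its expected shape and is still forwarded.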