V-276291
Microsoft Azure SQL Managed Instance Security Technical Implementation Guide
Title
Azure SQL Managed Instance must check the validity of all data inputs except those specifically identified by the organization.
Description
Invalid user input occurs when a user inserts data or characters into an application's data entry fields and the application is unprepared to process that data. This results in unanticipated application behavior, potentially leading to an application or information system compromise. Invalid user input is one of the primary methods employed when attempting to compromise an application. With respect to database management systems, one class of threat is known as SQL Injection, or...
Fix Text (Documentation Requirement)
Use parameterized queries, constraints, foreign keys, etc., to validate data input. Modify Azure SQL Managed Instance to properly use the correct column data types as required in the database. Consider submitting a request to the vendor for changes to a COTS database when code is discovered that could create invalid inputs and cannot be altered directly by the DBAs without loss of official support.
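
The controls named in the Fix Text, as an added T-SQL example that is not part of the STIG: typed columns, CHECK constraints, a foreign key, and parameterized access both as static SQL and through `sys.sp_executesql`. All table, column, constraint and procedure names are hypothetical; `GO` is the batch separator used by sqlcmd and SSMS.

```sql
-- Hypothetical schema; names are illustrative and do not come from the STIG.
CREATE TABLE dbo.Department (
    DepartmentId int          NOT NULL CONSTRAINT PK_Department PRIMARY KEY,
    Name         nvarchar(64) NOT NULL CONSTRAINT UQ_Department_Name UNIQUE
);
GO

CREATE TABLE dbo.Employee (
    EmployeeId   int IDENTITY(1,1) NOT NULL CONSTRAINT PK_Employee PRIMARY KEY,
    -- Correct data types: a date is stored as date, not as free text.
    HireDate     date          NOT NULL
        CONSTRAINT CK_Employee_HireDate CHECK (HireDate >= '19000101'),
    Email        nvarchar(254) NOT NULL
        CONSTRAINT CK_Employee_Email
            CHECK (Email LIKE '_%@_%._%' AND Email NOT LIKE '% %'),
    Salary       decimal(12,2) NOT NULL
        CONSTRAINT CK_Employee_Salary CHECK (Salary >= 0),
    -- Foreign key: only departments that already exist are accepted.
    DepartmentId int NOT NULL
        CONSTRAINT FK_Employee_Department
            REFERENCES dbo.Department (DepartmentId)
);
GO

-- Static SQL in a procedure: the parameter is bound as a typed value and
-- is never parsed as part of the statement.
CREATE PROCEDURE dbo.GetEmployeesByDepartment
    @DepartmentName nvarchar(64)
AS
BEGIN
    SET NOCOUNT ON;
    SELECT e.EmployeeId, e.Email, e.HireDate
    FROM dbo.Employee AS e
    JOIN dbo.Department AS d ON d.DepartmentId = e.DepartmentId
    WHERE d.Name = @DepartmentName;
END;
GO

-- Where dynamic SQL is unavoidable, keep the statement text constant and
-- pass input through sp_executesql parameters, never by concatenation.
CREATE PROCEDURE dbo.FindEmployeeByEmail
    @Email nvarchar(254)
AS
BEGIN
    SET NOCOUNT ON;
    DECLARE @sql nvarchar(max) =
        N'SELECT EmployeeId, HireDate FROM dbo.Employee WHERE Email = @p_Email;';
    EXEC sys.sp_executesql @sql, N'@p_Email nvarchar(254)', @p_Email = @Email;
END;
GO
```

With these definitions, an insert that supplies a negative salary, a malformed e-mail address or an unknown `DepartmentId` is rejected by the database engine itself, independent of any validation in the calling application.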