SV-213609r508024_rule
V-213609
SRG-APP-000251-DB-000391
PPS9-00-006300
CAT II
10
Install and configure SQL/Protect as documented here:
http://www.enterprisedb.com/docs/en/9.5/eeguide/Postgres_Plus_Enterprise_Edition_Guide.1.072.html#
Alternatively, implement, document, and maintain another method of checking for the validity of inputs.
Execute the following SQL as enterprisedb:
SELECT * FROM sqlprotect.list_protected_users;
If the database and the user that handle user input are not listed, or if sqlprotect.list_protected_users does not exist (meaning SQL/Protect is not installed), and an alternative means of reviewing for vulnerable code is not in use, this is a finding.