Special Character Validation

Question

As a developer it is advisable to check and restrict the users from entering special characters like <,>,*,%,' etc to avoid sql injections.
But in the modules of Odoo i do not find any kind of restriction for those. So is it really not necessary to write any code for that and assume that Odoo handles the sql injection characters by itself !
Can anyone suggest anything regarding this as i am a beginner.

Ajin A K · Accepted Answer

*Secure by design* Odoo is designed in a way that prevents introducing most common security vulnerabilities:
SQL injections are prevented by the use of a higher-level API that does not require manual SQL queries
XSS attacks are prevented by the use of a high-level templating system that automatically escapes injected data
The framework prevents RPC access to private methods, making it harder to introduce exploitable vulnerabilities
Reffernce link : https://www.odoo.com/security

Verknüpfte Beiträge	Antworten	Ansichten
Securing openerp server serversecurity	2 März 15	8239
Validations in odoo studio Gelöst studio validations	1 Jan. 22	2647
How to implement async validations on form fields? Gelöst api validations async	1 Dez. 19	3604
Date validation, end_date > start_end online validations odoo11	2 Juni 18	11330
How to execute constraints validations in one2many field when it is being saved, not when the parent is saved? one2many constraints validations	1 Mai 17	10994

Diese Frage wurde gekennzeichnet

Secure by design

Diskutieren Sie gerne? Treten Sie bei, statt nur zu lesen!