Special Character Validation

Question

As a developer it is advisable to check and restrict the users from entering special characters like <,>,*,%,' etc to avoid sql injections.
But in the modules of Odoo i do not find any kind of restriction for those. So is it really not necessary to write any code for that and assume that Odoo handles the sql injection characters by itself !
Can anyone suggest anything regarding this as i am a beginner.

Ajin A K · Accepted Answer

*Secure by design* Odoo is designed in a way that prevents introducing most common security vulnerabilities:
SQL injections are prevented by the use of a higher-level API that does not require manual SQL queries
XSS attacks are prevented by the use of a high-level templating system that automatically escapes injected data
The framework prevents RPC access to private methods, making it harder to introduce exploitable vulnerabilities
Reffernce link : https://www.odoo.com/security

Aiheeseen liittyviä artikkeleita	Vastaukset	Näkymät
Securing openerp server serversecurity	2 maalisk. 15	8236
Validations in odoo studio Ratkaistu studio validations	1 tammik. 22	2644
How to implement async validations on form fields? Ratkaistu api validations async	1 jouluk. 19	3603
Date validation, end_date > start_end online validations odoo11	2 kesäk. 18	11329
How to execute constraints validations in one2many field when it is being saved, not when the parent is saved? one2many constraints validations	1 toukok. 17	10976

Tämä kysymys on merkitty

Secure by design

Nautitko keskustelusta? Älä vain lue, vaan osallistu!