This document provides information about SQL Injection attacks and how the risks associated with them are mitigated in the DataFlex application environment. When SQL statements written by a developer are included in an application program for direct execution by an SQL server, the developer is responsible for making sure that his or her programming style does not lower the application's guard against threats like SQL Injection or other risks.
What is an SQL Injection attack?
In Visual DataFlex 14.1 we added data dictionary modeling to the Studio. This task used to be performed by the Database Builder tool.
Database Builder used quite a primitive approach to source code modeling. It relied on special marker comments and a set of hard-coded symbols to understand how to model a data dictionary class.
The Studio's modeler is more powerful and flexible. It properly analyzes the source code of the data dictionary file and all of the files used