Do nxapush values get prepared?

Started by Focus, October 16, 2023, 03:59:24 PM


Focus

Hello

I have the following scenario:

An nxagent sends a value to the server via nxapush.exe.
A threshold is defined at the DCI; this threshold executes an NXSL script.

Now my question is whether an injection can take place here or whether the script runs a kind of "prepared statement"?
Or is there a function I need to include to protect the server from this?

I could not perform an injection myself; I may have made a mistake. Hence my question as to whether such a scenario was taken into account in the programming.

Filipp Sudanov

In the scripting language it's different than in SQL. When the script (you probably use a script threshold) is invoked, the DCI value is contained in the $1 variable. Any operation with this variable will take it as a whole thing.
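
The distinction in the answer above, modelled in Python as an added example (not part of the thread and not NetXMS or NXSL code): a fixed script that receives the pushed value as an argument, the way the answer describes `$1`, next to code that pastes the value into source text or into a SQL string. All function names and the sample values are constructed for illustration.

```python
import sqlite3

# Constructed pushed values (not from the thread).
CODE_LIKE = "0 or 1 == 1 or 0"
SQL_LIKE = "x' OR '1'='1"

def script_threshold(value):
    """Model of the answer: the script is fixed, the value is an argument (like $1)."""
    try:
        return float(value) > 90
    except ValueError:
        return False  # text that is not a number stays inert data

def spliced_threshold(value):
    """Contrast: value pasted into source text, then evaluated as code."""
    return bool(eval(f"{value} > 90", {"__builtins__": {}}))

def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE readings (node TEXT, value TEXT)")
    db.executemany("INSERT INTO readings VALUES (?, ?)",
                   [("a", "10"), ("b", "20"), ("c", "30")])
    return db

def count_concat(db, value):
    """Downstream sink built by string concatenation: value can rewrite the query."""
    sql = "SELECT COUNT(*) FROM readings WHERE value = '" + value + "'"
    return db.execute(sql).fetchone()[0]

def count_bound(db, value):
    """Same query with a bound parameter: value is compared as one whole string."""
    return db.execute("SELECT COUNT(*) FROM readings WHERE value = ?",
                      (value,)).fetchone()[0]

if __name__ == "__main__":
    db = make_db()
    print(script_threshold(CODE_LIKE), spliced_threshold(CODE_LIKE))
    print(count_bound(db, SQL_LIKE), count_concat(db, SQL_LIKE))
```

The value only becomes dangerous at a sink that rebuilds code or a query from it as text, so that is the place to review in any script that consumes a pushed value.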