In Release 9.2, Input Parameter Validation is used to validate all inputs. The data validation functionality allows only explicitly defined characters in the input. Because the validation layer sends data on for further processing only after it validates successfully, malicious scripts do not reach the business layer. The main purpose of this functionality is not to validate the individual input fields in the user interface, but to safeguard the application as a whole from external attacks such as cross-site scripting (XSS).
You can define your own validation rules for validating different request parameters. Input validation can be performed for various kinds of inputs, such as parameter name, parameter value, cookie name, cookie value, and so on. Sterling Business Center supports validation based on regular expressions.
In earlier releases, there were no restrictions on the data entered in the user interface. In Release 9.2, you may not be able to enter certain characters in the user interface, because your administrator may have set validation rules for the data that is entered there.
For example, in Release 9.1, you can enter a special character such as "<" in the Short Description field of a product. In Release 9.2, however, if your administrator has not defined "<" in the validation rule, you may not be allowed to enter that character in the Short Description field.
If the data that you enter does not pass validation, a descriptive error message is displayed indicating the reason for the validation failure.
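The following sketch shows how an allowlist validation layer of this kind behaves, with one regular-expression rule per input kind and a descriptive message on failure. It is an added example, not Sterling Business Center code or its rule format; the rule names, character classes, length limits and sample requests are all assumptions made for illustration.

```python
import re

# Hypothetical allowlist rules: (allowed character class, min length, max length).
# Constructed for illustration; not the product's shipped rules.
RULES = {
    "param_name":   (r"A-Za-z0-9_.", 1, 64),
    "param_value":  (r"A-Za-z0-9 _.,:;@/()'\-", 0, 256),
    "cookie_name":  (r"A-Za-z0-9_\-", 1, 64),
    "cookie_value": (r"A-Za-z0-9_=.\-", 0, 512),
}


def check(kind, label, text):
    """Return None if text satisfies the rule for kind, else an error message."""
    cls, lo, hi = RULES[kind]
    # fullmatch anchors both ends, so a trailing newline cannot slip past
    # the way it can with match() and a "$" anchor.
    if re.fullmatch(f"[{cls}]{{{lo},{hi}}}", text):
        return None
    bad = re.search(f"[^{cls}]", text)
    if bad:
        return (f"{label}: character {bad.group()!r} at position "
                f"{bad.start()} is not allowed")
    return f"{label}: length {len(text)} is outside the permitted range {lo}-{hi}"


def validate_request(params, cookies):
    """Check every name and value; an empty list means the request may proceed."""
    errors = []
    for prefix, items in (("param", params), ("cookie", cookies)):
        for name, value in items.items():
            errors.append(check(f"{prefix}_name", f"{prefix} name {name!r}", name))
            errors.append(check(f"{prefix}_value", f"{prefix} value of {name!r}", value))
    return [e for e in errors if e]


# Constructed sample requests: the second carries "<" in Short Description.
GOOD = ({"ShortDescription": "Blue cotton shirt (large)"}, {"session": "abc123"})
BAD = ({"ShortDescription": "<script>alert(1)</script>"}, {"session": "abc123"})

if __name__ == "__main__":
    for params, cookies in (GOOD, BAD):
        print(validate_request(params, cookies) or "forwarded to business layer")
```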