Legacy platform

Implementation of input parameter validation

Input Parameter Validation in Sterling™ Field Sales ensures that malicious scripts do not reach the business layer: the validation layer checks the incoming data and passes it on for further processing only when validation succeeds.

The main purpose of this activity is not to validate individual input fields in the UI, but to safeguard the application as a whole from external attacks such as cross-site scripting (XSS).

Solution

Input Parameter Validation provides the data validation functionality for validating input requests. You can define your own validation rules for different request parameters. Input validation can be applied to various kinds of input, such as the parameter name, parameter value, cookie name, cookie value, and so on. Sterling Field Sales supports regular-expression-based validation.

End-user impact

Validation rules are set for the user ID that is entered to access the Sterling Field Sales application. As a result, you may be restricted from using certain characters in the user ID. Hence, ensure that the user ID is created according to the default regular expression defined in Sterling Field Sales so that you can log in to the application successfully.

Validation rules are also set for the data that is entered in the user interface. As a result, you may not be able to enter certain characters in the user interface. If the data you enter does not pass validation, a descriptive error message is displayed indicating the reason for the validation failure.

Out of the box, when input validation fails, the stack trace is suppressed and only a descriptive message is displayed in the user interface. To view the stack trace for an input parameter validation failure in the user interface, you must grant the View Stack Trace permission to the user group. Because a stack trace discloses internal class names and code paths, grant this permission only to administrator or developer groups, never to end-user groups.
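The following Python script is an added illustration of the validation layer described in the Solution and End-user impact sections above. It is not Sterling Field Sales code: the rule names, the regular expressions, the userId field name and the handle_request front controller are all assumptions constructed for this example. It shows one regular-expression rule per input kind (parameter name and value, cookie name and value, user ID), rejects a request at the first failing rule so that nothing reaches the business layer, returns a descriptive message that names the field and rule without echoing the rejected value, and includes a stack trace only when the caller belongs to a group that has the View Stack Trace permission.

```python
import html
import re
import traceback

# Constructed rule set for this example (not the Sterling Field Sales defaults):
# every rule is a regular expression that the whole input must match.
# re.fullmatch is used deliberately: with re.match a pattern such as
# "^[a-z]+$" still accepts "abc\n", because "$" matches before a trailing newline.
RULES = {
    "parameter name":  re.compile(r"[A-Za-z_][A-Za-z0-9_.\-]{0,63}"),
    "parameter value": re.compile(r"[^<>\"'`\x00-\x1f]{0,256}"),
    "cookie name":     re.compile(r"[A-Za-z0-9_\-]{1,64}"),
    "cookie value":    re.compile(r"[A-Za-z0-9_\-.:=+/%]{0,512}"),
    "user ID":         re.compile(r"[A-Za-z0-9_.@\-]{1,64}"),
}
USER_ID_PARAM = "userId"  # hypothetical name of the login field


class InputValidationError(Exception):
    """Raised by the validation layer; the request never reaches the business layer."""

    def __init__(self, rule_name, field_name):
        self.rule_name = rule_name
        self.field_name = field_name
        # The message names the field and the rule it broke but never echoes the
        # rejected value, so the error page cannot itself become a reflected XSS sink.
        super().__init__(
            f"Input validation failed: {rule_name} rule rejected field "
            f"'{html.escape(field_name)}'"
        )


def _check(rule_name, field_name, text, rules):
    """Raise InputValidationError unless the whole text matches the named rule."""
    if rules[rule_name].fullmatch(text) is None:
        raise InputValidationError(rule_name, field_name)


def validate_request(params, cookies, rules=RULES):
    """Validate parameter names/values and cookie names/values; raise on the first failure."""
    for name, value in params.items():
        _check("parameter name", name, name, rules)
        value_rule = "user ID" if name == USER_ID_PARAM else "parameter value"
        _check(value_rule, name, value, rules)
    for name, value in cookies.items():
        _check("cookie name", name, name, rules)
        _check("cookie value", name, value, rules)
    return True


def handle_request(params, cookies, can_view_stack_trace=False):
    """Front-controller stand-in: validate first, hand off to the business layer only on success."""
    try:
        validate_request(params, cookies)
    except InputValidationError as exc:
        response = {"status": 400, "message": str(exc)}
        if can_view_stack_trace:  # only for user groups granted View Stack Trace
            response["stackTrace"] = traceback.format_exc()
        return response
    return {"status": 200, "message": "request forwarded to the business layer"}


if __name__ == "__main__":
    # Constructed sample requests: a benign one and two that must be rejected.
    print(handle_request({"userId": "jsmith", "orderNo": "SO-1001"},
                         {"JSESSIONID": "abc123"}))
    print(handle_request({"comment": "<script>alert(1)</script>"}, {}))
    print(handle_request({"userId": "j smith!"}, {}, can_view_stack_trace=True))
```

The rules are allowlists matched against the whole value, which is the safer shape for this kind of filter: a rule that only searches for known-bad substrings is easy to bypass with encoding or case variants, and an anchored-but-partial match can be defeated by a trailing newline. The user ID rule also shows the end-user impact described above: a login name containing a space or an exclamation mark is rejected before it reaches the business layer, so user IDs must be created to match the configured pattern.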

Implementation

This section explains the configurations for this functionality:

  • You can define Input Parameter Validation Rules to prevent malicious scripts from reaching the business layer.