Telligent Evolution performs security procedures to protect Web sites from common security risks. The following table describes how it guards against some common security risks. Note: This list is not exhaustive; Telligent Evolution actually guards against a much wider set of attacks.

Procedure Description

SQL injection

SQL injection occurs in the database layer of an application. Telligent Evolution sanitizes input and utilizes stored procedure calls.  

Path injection

Telligent Evolution takes an in-depth security approach, validating at different layers that the requesting user has permission to access the requested files. It also utilizes built-in path protection provided by Internet Information Services (IIS).

Prevent JavaScript by default

Users are not allowed to submit JavaScript that will execute from a Telligent Evolution site. This is achieved partially through input validation and sanitization of data on the server.

Input validation

Telligent Evolution performs input validation by white-listing approved (i.e., marked as safe) HTML elements and attributes that may be used in posts. Any element or attribute that is not on the list in communityserver.config is scrubbed out. Telligent Evolution also uses custom validators to ensure that user input is appropriate.

Information leakage

Applications can unintentionally leak information about their configuration and internal workings, or they can violate privacy through a variety of application problems. Attackers use these weaknesses to steal sensitive data or conduct more serious attacks.

Cross-site request forgery

A cross-site request forgery attack forces a logged-on user's browser to send a preauthenticated request to a vulnerable Web application, which then forces the victim's browser to perform a hostile action.