SQL Injection for engine

Are we using prepared statements for the engine web services? Could not find this in the documentation. Can anybody please confirm? Thanks.

Hi @vishalcool88,

Camunda uses prepared statements. If you want to dig deeper, Camunda uses the MyBatis ORM library and you can find most of the mappings here: https://github.com/camunda/camunda-bpm-platform/tree/master/engine/src/main/resources/org/camunda/bpm/engine/impl/mapping

Cheers,
Thorben

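To make the difference the answer relies on concrete, here is an added example (not Camunda or MyBatis code) showing why a prepared statement closes the injection vector: the same lookup is written once with the value concatenated into the SQL text and once with the value passed as a bound parameter. The table, column names and rows are constructed for this illustration and do not reflect the engine's schema.

```python
import sqlite3


def make_db():
    # Constructed in-memory table standing in for an engine's task table
    # (hypothetical schema, not Camunda's).
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE task (id TEXT PRIMARY KEY, assignee TEXT)")
    conn.executemany(
        "INSERT INTO task VALUES (?, ?)",
        [("t1", "alice"), ("t2", "bob"), ("t3", "alice")],
    )
    return conn


def find_tasks_concatenated(conn, assignee):
    # The 'before' pattern: the value is spliced into the SQL string, so a
    # quote character inside it changes the structure of the statement.
    sql = "SELECT id FROM task WHERE assignee = '" + assignee + "' ORDER BY id"
    return [row[0] for row in conn.execute(sql)]


def find_tasks_prepared(conn, assignee):
    # Prepared-statement pattern: the SQL text is fixed at parse time and the
    # value is bound to the '?' placeholder, so it is always treated as data.
    # MyBatis '#{...}' expressions compile down to exactly this kind of
    # JDBC placeholder.
    sql = "SELECT id FROM task WHERE assignee = ? ORDER BY id"
    return [row[0] for row in conn.execute(sql, (assignee,))]


if __name__ == "__main__":
    conn = make_db()
    # A value containing a quote is returned as-is by the bound variant: no
    # row has that literal assignee, so nothing matches.
    odd_value = "x' OR '1'='1"
    print("prepared  :", find_tasks_prepared(conn, odd_value))
    print("concatened:", find_tasks_concatenated(conn, odd_value))
```

When reading the mapping files linked in the answer, the thing to check is the placeholder form: `#{...}` is the bound-parameter form that becomes a JDBC `?`, while `${...}` is plain string substitution into the SQL text and offers no protection. A mapping that interpolates caller-supplied values with `${...}` would be the pattern to flag in review.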