What are client-influenced interactions that put the use of databases under threat?
- Risks from Logging
Description: Log readers can come under attack via log files. Consider ways to canonicalize data in all logs. Implement a single reader for the logs, if possible, in order to reduce attack surface area. Be sure to understand and document log file elements which come from untrusted sources.
- Elevation Using Impersonation
Category: Elevation Of Privilege
Description: Web Server may be able to impersonate the context of Human User in order to gain additional privilege.
- Cross Site Scripting
Description: The web server could be subject to a cross-site scripting attack because it does not sanitize untrusted input.
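
One way to apply the canonicalization and single-reader advice from the "Risks from Logging" item, as an added example that is not part of the original answer. The pipe-delimited record format, the field names and the sample values are assumptions constructed for illustration:

```python
import unicodedata

SEP = "|"  # assumed field delimiter for this example's log format
# Assumed record layout; username and user_agent come from untrusted clients.
FIELDS = ("timestamp", "event", "username", "user_agent")

def canonicalize(value: str) -> str:
    """Return one canonical form that cannot break line or field boundaries."""
    # Fold compatibility look-alikes first (e.g. fullwidth U+FF5C becomes "|"),
    # so the escaping below sees the character the reader would see.
    value = unicodedata.normalize("NFKC", str(value))
    out = []
    for ch in value:
        cat = unicodedata.category(ch)
        if ch in (SEP, "\\") or cat[0] == "C" or cat in ("Zl", "Zp"):
            out.append("\\u{%x}" % ord(ch))  # visible, unambiguous escape
        else:
            out.append(ch)
    return "".join(out)

def format_record(record: dict) -> str:
    """Serialize every field through canonicalize(), trusted or not."""
    return SEP.join(canonicalize(record[name]) for name in FIELDS)

def read_log(text: str) -> list:
    """The single reader: strict split, rejects lines with a wrong field count."""
    records = []
    for line in text.split("\n"):
        if not line:
            continue
        parts = line.split(SEP)
        if len(parts) != len(FIELDS):
            raise ValueError("malformed log line: %r" % line)
        records.append(dict(zip(FIELDS, parts)))
    return records

# Constructed sample: the username tries to forge a second "login_ok" record.
FORGED = "alice\n2024-01-01T00:00:01Z|login_ok|admin|curl"
SAMPLE_LOG = "\n".join([
    format_record({"timestamp": "2024-01-01T00:00:00Z", "event": "login_failed",
                   "username": FORGED, "user_agent": "Mozilla/5.0"}),
    format_record({"timestamp": "2024-01-01T00:00:05Z", "event": "login_ok",
                   "username": "bob", "user_agent": "Mozilla/5.0"}),
])

if __name__ == "__main__":
    for rec in read_log(SAMPLE_LOG):
        print(rec)
```

The forged line stays inside the `username` field of the first record, so the reader sees two records and only one `login_ok` event.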