Web form input protection

The Hitachi ID Privileged Access Manager web user portal is implemented using the standard common gateway interface (CGI) mechanism, available on all web servers. CGI programs are exclusively responsible for accepting user input and displaying web pages. As such, the CGI programs may be attacked, so they need to incorporate strong protections.

All Privileged Access Manager CGI programs use a standard string library to validate all inputs and protect against buffer overflow, SQL injection, cross-site scripting and similar attacks. This is done by checking maximum input lengths, filtering out special characters and HTML codes, checking for valid formatting and value ranges, etc.
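The checks listed above (maximum length, character filtering, format and range validation, HTML encoding into a bounded buffer) can be sketched in C as follows. This is an added example, not Hitachi ID's string library; the function names, the allowed character set and the limits are assumptions.

```c
#include <errno.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical helpers for CGI form fields; names and limits are assumptions. */

/* Allowlist check: 1..max_len bytes drawn only from [A-Za-z0-9._-]. */
int valid_identifier(const char *in, size_t max_len) {
    size_t n = 0;
    if (in == NULL) return 0;
    for (; in[n] != '\0'; n++) {
        unsigned char c = (unsigned char)in[n];
        if (n >= max_len) return 0; /* over the limit: stop scanning */
        if (!((c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z') ||
              (c >= '0' && c <= '9') || c == '.' || c == '_' || c == '-'))
            return 0;
    }
    return n > 0;
}

/* Format and range check: plain decimal integer within [lo, hi]. */
int parse_int_range(const char *in, long lo, long hi, long *out) {
    char *end;
    long v;
    if (in == NULL || !(*in == '-' || (*in >= '0' && *in <= '9'))) return 0;
    errno = 0;
    v = strtol(in, &end, 10);
    if (errno != 0 || end == in || *end != '\0' || v < lo || v > hi) return 0;
    *out = v;
    return 1;
}

/* Output encoding into a fixed buffer; -1 means it would not fit. */
int html_escape(const char *in, char *out, size_t out_sz) {
    size_t o = 0;
    if (out_sz == 0) return -1;
    for (; *in != '\0'; in++) {
        const char *rep = *in == '&' ? "&amp;" : *in == '<' ? "&lt;" :
                          *in == '>' ? "&gt;" : *in == '"' ? "&quot;" :
                          *in == '\'' ? "&#39;" : NULL;
        size_t need = rep ? strlen(rep) : 1;
        if (o + need >= out_sz) return -1; /* keep room for the NUL */
        if (rep) memcpy(out + o, rep, need); else out[o] = *in;
        o += need;
    }
    out[o] = '\0';
    return 0;
}
```

Rejecting a field outright when it fails the allowlist or range check keeps unvalidated bytes away from SQL statements and fixed-size buffers, while the encoder covers values that must be echoed back into a page.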

Read More:

  • Multi-layered security architecture:
    Security is implemented as multiple layers, each of which acts to protect Privileged Access Manager data and embedded privileges.
  • Hardened server platform:
    Privileged Access Manager runs on a locked-down, hardened operating system.
  • Use of encryption:
    Encryption is used to protect sensitive user data in storage and in transit.
  • Web form input protection:
    Inputs to web forms in Privileged Access Manager are automatically protected against bogus data, buffer overruns and more.