Security enhancement in JDBC datastore queries - PingFederate

Security enhancement in JDBC datastore queries - PingFederate - 11.0

PingFederate Server

bundle

pingfederate-110

ft:publication_title

PingFederate Server

Product_Version_ce

PingFederate 11.0

category

Product

pf-110

pingfederate

ContentType_ce

Page created: 16 Jul 2021 |

Page updated: 20 Jul 2023

| 1 min read

Product PingFederate 11.0 Upgrading User task Product documentation Content Type Administrator Audience Software Deployment Method

A security enhancement was made in PingFederate 9.0 to safeguard JDBC datastore queries against back-end SQL injection attacks. This protection is enabled for all new installations.

If you are upgrading from PingFederate 8.4.4 or an earlier version, you can enable this protection by modifying the <pf_install>/pingfederate/server/default/data/config-store/org.sourceid.common.SqlFilterManager.xml file.

Edit the org.sourceid.common.SqlFilterManager.xml file.

Set the <item name="enableSqlFilters"/> element value to true.

<?xml version="1.0" encoding="UTF-8"?>
<config xmlns="http://www.sourceid.org/2004/05/config">
    <item name="enableSqlFilters">true</item>
</config>

Save the file.
Restart PingFederate.
If you have a clustered PingFederate environment, push this change to all engine nodes:
1. On the administrative console, go to System > Server > Cluster Management.
2. Click Replicate.
Verify your use cases to make sure your search filters return the expected results.