The module must follow all standard security best practices.

In particular, the following should be given special consideration:

  • Protect against XXE attacks

  • Always sanitize information from untrusted sources

  • When reading files from the local file system, make sure not to access secrets of the host environment nor enable path traversal

  • When possible, use CSRF tokens

  • When executing queries to a database, make correct use of PreparedStatement class to avoid SQL injection attacks.

Was this article helpful?

💙 Thanks for your feedback!

Edit on GitHub