Enhanced security for databases
Our customers are using Workato more than ever to perform critical business tasks on their databases. Everyday, recipes power bots and API endpoints across Workato to pull essential data from databases to empower various teams.
What concerns are there?
Database attacks are top of mind of any database administrator and manager who look for solutions that minimize risk. One of the most common database attacks is SQL injection, where third parties may attempt to retrieve more data than allowed. Read more about SQL injection here
Note – Our actions before prevented critical vectors of SQL injection i.e. dropping tables.
Additional layers of security to database connections such as SSL certificates provide added security so only specific authorized users can access your database.
Preventing SQL injection with parameterized queries
You can now build recipes that guard against any SQL injection attack through the introduction of bind variables. Bind variables allow you to create a variable in your WHERE conditions and define a matching parameter in the action. These parameters accept inputs from any source and will automatically raise errors for jobs where malicious inputs are found. Read more about parameterized queries here.
SSL connections for MySQL Databases
Connections to MySQL databases can now be coupled with SSL certificates to comply with organizational security requirements.
How you can use it
- Secure your API endpoints against SQL injection
John manages the IT team for a large MNC. Using Workato, they’ve built multiple API endpoints which allow multiple partner organizations to push or pull invoice data from their production SQL server database. With the introduction of parameterized queries, John onboard partners faster than ever before without fear of any SQL injection attacks that might compromise his company’s data.
2. Power chatbots securely
Marlene’s team manages the database storage of her company’s customers. They use Workbot to enable sales and support teams to quickly pull up information about customers. With the introduction of parameterized queries, Marlene can prevent any potential abuse by even internal teams to pull more data than they should. This gives Marlene peace of mind that her company’s data is secure whilst still providing immense value to her teammates.
Pulling contact information via Workbot
- MySQL (SSL connections)
- SQL Server
- Select rows
- Select rows using custom SQL (coming soon)