Symptom
You want to know whether the Text field entered when creating a ticket (and the FormattedText field of a timeline event) via the ServiceRequest OData service is protected against SQL injection.
Environment
- SAP Cloud For Customer
- Security Topics
Reproducing the Issue
Cause
Resolution
- SQL injection protection is enabled by default for the ServiceRequest OData inputs (ServiceRequestCollection and ServiceRequestTextCollection), including Text (ticket creation) and FormattedText (timeline event).
- The standard C4C OData framework uses parameterized queries and prepared statements: the field value is bound as a parameter, so it is treated only as data and cannot alter the SQL statement, whatever quotes, semicolons or comment markers it contains.
- Prepared statements with bound parameters are natively supported by the SAP HANA database and used throughout the cloud application programming model, so these fields are protected by default against SQL injection.
- Additional input validation is performed at the OData layer before data is committed to the database, providing an extra layer of protection.
- No additional custom protection is required at the API level for these fields. Note that this statement covers SQL injection on the standard OData path only: it does not address other injection classes (for example HTML or script content in FormattedText, which must be encoded wherever the value is rendered), and any custom code that builds SQL statements from these field values outside the standard framework must bind them as parameters itself.
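The following is an added example (not SAP code) that shows why binding the field value as a parameter makes the difference described above. It uses the Python sqlite3 module as a stand-in for the HANA database and the OData persistence layer; the table name, the ticket rows and the injection payloads are constructed for the demo. The unsafe functions are included only as the anti-pattern to compare against.

```python
"""Parameterized queries vs. string-built SQL for a ticket text field.

Added example, not SAP code: sqlite3 stands in for the HANA database and
the C4C OData layer. The table, rows and payloads below are constructed.
"""
import sqlite3


def make_db() -> sqlite3.Connection:
    """In-memory stand-in for the ServiceRequestText store (constructed schema)."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE service_request_text ("
        "object_id TEXT NOT NULL, text TEXT NOT NULL)"
    )
    conn.execute(
        "INSERT INTO service_request_text VALUES ('SR-1', 'printer on fire')"
    )
    conn.execute(
        "INSERT INTO service_request_text VALUES ('SR-2', 'vpn keeps dropping')"
    )
    conn.commit()
    return conn


def find_text_unsafe(conn: sqlite3.Connection, object_id: str) -> list:
    """Anti-pattern: the caller's value is spliced into the SQL grammar."""
    sql = f"SELECT text FROM service_request_text WHERE object_id = '{object_id}'"
    return [row[0] for row in conn.execute(sql)]


def find_text_safe(conn: sqlite3.Connection, object_id: str) -> list:
    """Prepared statement: '?' is bound as data, whatever the value contains."""
    sql = "SELECT text FROM service_request_text WHERE object_id = ?"
    return [row[0] for row in conn.execute(sql, (object_id,))]


def add_text_unsafe(conn: sqlite3.Connection, object_id: str, text: str) -> bool:
    """Anti-pattern: a quote in the ticket text breaks (or rewrites) the statement.

    Returns False when the database rejects the mangled statement.
    """
    sql = (
        "INSERT INTO service_request_text (object_id, text) "
        f"VALUES ('{object_id}', '{text}')"
    )
    try:
        conn.execute(sql)
        conn.commit()
        return True
    except sqlite3.DatabaseError:  # syntax error caused by the embedded quote
        conn.rollback()
        return False


def add_text_safe(conn: sqlite3.Connection, object_id: str, text: str) -> str:
    """Bound parameters store quotes, semicolons and comment markers verbatim."""
    conn.execute(
        "INSERT INTO service_request_text (object_id, text) VALUES (?, ?)",
        (object_id, text),
    )
    conn.commit()
    return find_text_safe(conn, object_id)[0]


if __name__ == "__main__":
    db = make_db()
    payload = "' OR '1'='1"          # constructed lookup payload
    print("unsafe lookup:", find_text_unsafe(db, payload))   # leaks every row
    print("safe lookup:  ", find_text_safe(db, payload))     # no such ticket
    ticket_text = "O'Brien's laptop; -- still broken"        # constructed text
    print("unsafe insert:", add_text_unsafe(db, "SR-3", ticket_text))
    print("safe insert:  ", add_text_safe(db, "SR-3", ticket_text))
```

With the bound parameter, the lookup for the payload returns nothing because no ticket has that literal id, and the ticket text with an apostrophe is stored exactly as typed; with string concatenation the same inputs either return every row or produce a rejected statement.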
Keywords
sql injection, odata, servicerequestcollection, servicerequesttextcollection, text field, formattedtext, ticket creation, timeline event, c4c, api security, parameterized queries, prepared statements, input validation, hana, injection protection, KBA, LOD-CRM-SEC, Security Topics, Problem
Product
SAP Cloud for Customer core applications all versions
SAP Knowledge Base Article - Public