NetXMS Support Forum

English Support => General Support => Topic started by: Focus on October 16, 2023, 03:59:24 PM

Title: Do nxapush values get prepared?
Post by: Focus on October 16, 2023, 03:59:24 PM
Hello

I have the following scenario:

An nxagent sends a value to the server via nxapush.exe.
A threshold is defined at the DCI; this threshold executes an NXSL script.

Now my question is whether an injection can take place here or whether the script runs a kind of "prepared statement"?
Or is there a function I need to include to protect the server from this?

I could not perform an injection myself, but I may have made a mistake. Hence my question as to whether such a scenario was taken into account in the programming.

Title: Re: Do nxapush values get prepared?
Post by: Filipp Sudanov on October 18, 2023, 12:53:58 AM
In the scripting language it's different than in SQL. When the script (you probably use a script threshold) is invoked, the DCI value is contained in the $1 variable. Any operation with this variable will take it as a whole thing.