Guidelines for the creation and deployment of custom code as they relate to the database in the Hyland Cloud include:
- Read, write, and other SQL access to existing OnBase tables must be done using API calls.
- Direct SQL updates and/or inserts are not permitted unless they are made to a custom database table that is created for the solution. Any custom table names added should include the prefix "CC". These custom tables will be added to your OnBase database.
- The use of standard OnBase database accounts is not permitted, and they will not function in the Hyland Cloud environment. Use of the "Trusted Connection" option within your connection strings is advised. However, a custom SQL account can be created for the custom code should there be a need. This can be requested through your (or your Hyland authorized reseller’s) standard Technical Support channel.
- For web services, database queries should not be passed from the client so as to prevent SQL injection attacks.
- SQL query parameterization should be implemented for all database queries. All query parameters should be validated to ensure that data of the correct format and content are being passed. This requirement is to prevent SQL injection attacks.
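
The following C# sketch shows the last two guidelines applied to an insert into a custom table: the client supplies only values, each value is validated, and the SQL text is a constant with typed parameters. It is an added example, not Hyland's code; the server, database, table (`CCInvoiceAudit`), column names, and validation limits are hypothetical.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;
using System.Text.RegularExpressions;

public static class CcInvoiceAuditStore
{
    // Hypothetical server and database; Trusted_Connection keeps SQL credentials out of the string.
    private const string ConnectionString =
        "Server=EXAMPLE-SQL;Database=ExampleOnBaseDb;Trusted_Connection=True;";

    // Assumed allow-list format: 1-20 letters, digits or hyphens (\A and \z reject a trailing newline).
    private static readonly Regex InvoiceNumberFormat =
        new Regex(@"\A[A-Za-z0-9\-]{1,20}\z", RegexOptions.CultureInvariant);

    public static bool IsValidInvoiceNumber(string value) =>
        value != null && InvoiceNumberFormat.IsMatch(value);

    public static int RecordReview(string invoiceNumber, int reviewerId, string note)
    {
        // Validate format and content before any value reaches the database.
        if (!IsValidInvoiceNumber(invoiceNumber))
            throw new ArgumentException("Invoice number has an unexpected format.", nameof(invoiceNumber));
        if (reviewerId <= 0)
            throw new ArgumentOutOfRangeException(nameof(reviewerId));
        if (note == null || note.Length > 400)
            throw new ArgumentException("Note is missing or longer than 400 characters.", nameof(note));

        // The SQL text is a constant. Avoid building it by concatenation, e.g.
        //   "... VALUES ('" + invoiceNumber + "', ...)"
        const string sql =
            "INSERT INTO dbo.CCInvoiceAudit (InvoiceNumber, ReviewerId, Note, ReviewedAtUtc) " +
            "VALUES (@invoiceNumber, @reviewerId, @note, @reviewedAtUtc);";

        using (var connection = new SqlConnection(ConnectionString))
        using (var command = new SqlCommand(sql, connection))
        {
            // Typed, sized parameters: values travel as data and are never parsed as SQL.
            command.Parameters.Add("@invoiceNumber", SqlDbType.VarChar, 20).Value = invoiceNumber;
            command.Parameters.Add("@reviewerId", SqlDbType.Int).Value = reviewerId;
            command.Parameters.Add("@note", SqlDbType.NVarChar, 400).Value = note;
            command.Parameters.Add("@reviewedAtUtc", SqlDbType.DateTime2).Value = DateTime.UtcNow;

            connection.Open();
            return command.ExecuteNonQuery(); // number of rows inserted
        }
    }
}
```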