AWS appsync high security documentation change
Summary
Added security-focused explanation about SQL injection protection and corrected variable reference from pathj to path
Security assessment
Explicitly mentions protection against SQL injection attacks through database engine sanitization. Corrects a potential variable name error (pathj -> path) while emphasizing secure handling of dynamic values.
Diff
diff --git a/appsync/latest/eventapi/rds-function-reference.md b/appsync/latest/eventapi/rds-function-reference.md index 93a45d511..c9babaf06 100644 --- a//appsync/latest/eventapi/rds-function-reference.md +++ b//appsync/latest/eventapi/rds-function-reference.md @@ -23 +23,3 @@ The `sql` tagged template only supports passing variable values. You can't use a -In the following example, we create a query that filters based on the value of the `col` argument that is set dynamically in the GraphQL query at run time. The value can only be added to the statement using the tag expression: +**Filtering Database Results Securely with Dynamic Channel Paths** + +When building AWS AppSync applications, you often need to filter database queries based on dynamic values. This pattern shows how to safely incorporate run-time values into your SQL queries while maintaining security. In the following example, we create a query that filters based on the value of channel path that is set dynamically at run time. The value can easily be added to the statement using the tag expression. @@ -32,2 +34 @@ In the following example, we create a query that filters based on the value of t - WHERE column = ${ctx.info.channel.pathj}` - ; + WHERE column = ${ctx.info.channel.path}`; @@ -38 +39 @@ In the following example, we create a query that filters based on the value of t -By passing all dynamic values through the variable map, we rely on the database engine to securely handle and sanitize values. +The database engine automatically protects against SQL injection attacks by sanitizing all values passed through the variable map.