https://community.qlik.com/t5/Talend-Studio/Security-concerns-with-the-java-code-that-Talend-creates/m-p/2366108#M129635 <P>I have generated multiple ETL jobs to move data from one database to another and ran a couple scans on the code that was created.&nbsp; The scans found many security flaws when scanning based on the Security Technical Implementation Guide (STIG).&nbsp; Does Talend support this security guide and does Talend update their software when security concerns are found?</P> Tue, 24 May 2016 18:00:31 GMT Anonymous 2016-05-24T18:00:31Z https://community.qlik.com/t5/Talend-Studio/Security-concerns-with-the-java-code-that-Talend-creates/m-p/2366108#M129635 <P>I have generated multiple ETL jobs to move data from one database to another and ran a couple scans on the code that was created.&nbsp; The scans found many security flaws when scanning based on the Security Technical Implementation Guide (STIG).&nbsp; Does Talend support this security guide and does Talend update their software when security concerns are found?</P> Tue, 24 May 2016 18:00:31 GMT https://community.qlik.com/t5/Talend-Studio/Security-concerns-with-the-java-code-that-Talend-creates/m-p/2366108#M129635 Anonymous 2016-05-24T18:00:31Z https://community.qlik.com/t5/Talend-Studio/Security-concerns-with-the-java-code-that-Talend-creates/m-p/2366109#M129636 I would say, STIG cannot be applied to generated code without any user interaction. Of course nobody e.g. would write SQL code with direct inline values but this code cannot misused because the purpose of the jobs are batch processing and this is not affected by the attempt of users to cheat the system.&nbsp;<BR />By the way, the database output components uses always prepared statements and therefore secure. Tue, 24 May 2016 22:51:14 GMT https://community.qlik.com/t5/Talend-Studio/Security-concerns-with-the-java-code-that-Talend-creates/m-p/2366109#M129636 Anonymous 2016-05-24T22:51:14Z