Preventing destructive library and template uploads to Application Security

A malicious user might modify a report library or template so that it contains arbitrary and potentially destructive SQL queries and commands. Upload only libraries and templates that are written by trusted users and that have been reviewed for malicious queries and commands.

Only users who have permission to manage report definitions and libraries can upload custom report libraries and templates to Application Security. To prevent templates that execute arbitrary and potentially destructive commands from being uploaded to Application Security, ensure that you:

  • Assign access permissions to trusted users only.
  • Check all custom templates for arbitrary SQL queries and commands before you upload them to Application Security.
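
A pre-upload review aid for the template check in the second item, added here as an example and not part of the product or its documentation: it lists every line that contains a data-modifying or command-executing SQL verb so that a reviewer can inspect it. It assumes templates are text files (for example XML) with embedded queries; the verb list, the `scan_template` name, and the sample content are hypothetical and constructed for illustration.

```python
import html
import re
import sys

# Verbs that modify data, schema or privileges, or run procedures/commands.
# This list is an assumption for the example; extend it for your database.
RISKY_VERBS = ("INSERT", "UPDATE", "DELETE", "MERGE", "DROP", "ALTER",
               "CREATE", "TRUNCATE", "GRANT", "REVOKE", "EXEC", "EXECUTE",
               "CALL", "SHUTDOWN")
RISKY_RE = re.compile(r"\b(?:%s)\b" % "|".join(RISKY_VERBS), re.IGNORECASE)


def scan_template(text):
    """Return (line_number, verb, line_text) for each hit needing review."""
    findings = []
    for number, raw in enumerate(text.splitlines(), start=1):
        # Decode entities first so "&#68;ROP" is seen as "DROP".
        line = html.unescape(raw)
        for match in RISKY_RE.finditer(line):
            findings.append((number, match.group(0).upper(), line.strip()))
    return findings


# Constructed sample template content (not from any real product file).
SAMPLE = """<report>
  <query>SELECT name, updated_at FROM issues WHERE project_id = ?</query>
  <query>SELECT 1; &#68;ROP TABLE issues</query>
  <script>stmt.execute("delete from audit_log")</script>
</report>"""


def main(argv):
    # Scan the file named on the command line, or the sample if none given.
    if len(argv) > 1:
        with open(argv[1], encoding="utf-8", errors="replace") as handle:
            text = handle.read()
    else:
        text = SAMPLE
    findings = scan_template(text)
    for number, verb, line in findings:
        print(f"line {number}: {verb}: {line}")
    # Non-zero exit lets a review script block the upload step.
    return 1 if findings else 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Hits are prompts for manual review, not verdicts: a column literally named `update` is flagged, and a clean scan does not replace reading the template before upload.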