Input Validation
• Current Windchill+ customizations do not allow user interface changes. No input should be requested or entered as part of the custom code.
• Database access must ensure that no SQL injection is possible:
◦ No input should be requested or entered as part of the custom code.
◦ Use provided Windchill APIs for completing necessary server-side updates.
◦ User-supplied table names or column names used in dynamic queries are validated against an allow list of acceptable values or a regular expression pattern.
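
The identifier validation described in the last item, as an added example (not PTC or Windchill code). It uses only the Java standard library; the class name, table names and column names are constructed for illustration. A name that fails the pattern or is missing from the allow list raises IllegalArgumentException before any SQL text is built.

```java
import java.util.Locale;
import java.util.Map;
import java.util.Set;
import java.util.regex.Pattern;

public final class IdentifierGuard {
    // Constructed allow list: hypothetical tables mapped to their permitted columns.
    private static final Map<String, Set<String>> ALLOWED = Map.of(
            "CUSTOM_AUDIT", Set.of("ID", "EVENT_TYPE", "CREATED_AT"),
            "CUSTOM_STATUS", Set.of("ID", "STATE"));
    // Shape check applied before the lookup: a letter, then letters, digits or underscores.
    private static final Pattern IDENTIFIER = Pattern.compile("[A-Za-z][A-Za-z0-9_]{0,29}");

    /** Returns the canonical table name, or throws if it is malformed or not allow-listed. */
    static String table(String input) {
        String name = normalize(input);
        if (!ALLOWED.containsKey(name)) {
            throw new IllegalArgumentException("table not on allow list");
        }
        return name;
    }

    /** Returns the canonical column name, which must be allow-listed for the given table. */
    static String column(String tableName, String input) {
        String name = normalize(input);
        if (!ALLOWED.get(table(tableName)).contains(name)) {
            throw new IllegalArgumentException("column not on allow list");
        }
        return name;
    }

    private static String normalize(String input) {
        if (input == null || !IDENTIFIER.matcher(input).matches()) {
            throw new IllegalArgumentException("malformed identifier");
        }
        return input.toUpperCase(Locale.ROOT); // locale-independent, so "id" always maps to "ID"
    }

    /** Only validated identifiers are concatenated; the filter value stays a bind parameter. */
    static String selectByColumn(String tableName, String columnName) {
        return "SELECT * FROM " + table(tableName)
                + " WHERE " + column(tableName, columnName) + " = ?";
    }

    public static void main(String[] args) {
        // Constructed input: mixed-case names that pass both checks.
        System.out.println(selectByColumn("custom_audit", "Event_Type"));
    }
}
```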