chukwa-dev mailing list archives

From "Eric Yang (JIRA)" <j...@apache.org>
Subject [jira] Created: (CHUKWA-108) Use prepared statement to prevent sql injection attacks
Date Wed, 08 Apr 2009 20:52:13 GMT
Use prepared statement to prevent sql injection attacks
-------------------------------------------------------

                 Key: CHUKWA-108
                 URL: https://issues.apache.org/jira/browse/CHUKWA-108
             Project: Hadoop Chukwa
          Issue Type: Improvement
          Components: Data Processors
            Reporter: Eric Yang


To prevent SQL injection attacks, you should use prepared statements. There are many places
where the SQL query is executed, and in at least a couple of places the input parameter from
the user is used in the query (metric in web/hicc/jsp/single-series-chart-javascript.jsp),
though in many places the parameters in the select statement do not seem to come from the
user input.

Please use prepared statements consistently to prevent SQL injection attacks.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
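
The change requested in the issue, sketched as an added example (not part of the original message and not Chukwa's code). The table name, column names and the assumption that `metric` selects a column are hypothetical: values are bound with `?` placeholders, while an identifier, which JDBC cannot bind, is checked against a fixed allow-list.

```java
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Timestamp;
import java.util.ArrayList;
import java.util.List;
import java.util.Set;

public class MetricQuery {
    // Hypothetical schema: these metric (column) names are assumptions.
    private static final Set<String> ALLOWED_METRICS =
            Set.of("cpu_user_pcnt", "mem_used_pcnt", "disk_read_kbps");

    // Column names cannot be bound with '?', so the metric is matched
    // against a fixed allow-list before it is placed in the SQL text.
    static String buildSql(String metric) {
        if (metric == null || !ALLOWED_METRICS.contains(metric)) {
            throw new IllegalArgumentException("unknown metric");
        }
        return "SELECT ts, " + metric
             + " FROM system_metrics WHERE host = ? AND ts BETWEEN ? AND ? ORDER BY ts";
    }

    // Values are bound as parameters, so they are handled as data, not SQL text.
    static List<double[]> fetch(Connection conn, String metric, String host,
                                Timestamp start, Timestamp end) throws SQLException {
        List<double[]> points = new ArrayList<>();
        try (PreparedStatement ps = conn.prepareStatement(buildSql(metric))) {
            ps.setString(1, host);
            ps.setTimestamp(2, start);
            ps.setTimestamp(3, end);
            try (ResultSet rs = ps.executeQuery()) {
                while (rs.next()) {
                    points.add(new double[] { rs.getTimestamp(1).getTime(), rs.getDouble(2) });
                }
            }
        }
        return points;
    }

    public static void main(String[] args) {
        // Constructed inputs standing in for request.getParameter("metric").
        String[] samples = { "cpu_user_pcnt", "cpu_user_pcnt; --" };
        for (String s : samples) {
            try {
                System.out.println("accepted: " + buildSql(s));
            } catch (IllegalArgumentException e) {
                System.out.println("rejected: " + s);
            }
        }
    }
}
```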

