chukwa-dev mailing list archives

From "Eric Yang (JIRA)" <>
Subject [jira] Created: (CHUKWA-108) Use prepared statement to prevent sql injection attacks
Date Wed, 08 Apr 2009 20:52:13 GMT
Use prepared statement to prevent sql injection attacks

                 Key: CHUKWA-108
             Project: Hadoop Chukwa
          Issue Type: Improvement
          Components: Data Processors
            Reporter: Eric Yang

To prevent SQL injection attacks, you should use prepared statements. There are many places
where the SQL query is executed, and in at least a couple of places the input parameter from
the user is used in the query (metric in web/hicc/jsp/single-series-chart-javascript.jsp),
though in many places the parameters in the select statement do not seem to come from the
user input.

Please use prepared statements consistently to prevent SQL injection attacks.

This message is automatically generated by JIRA.
You can reply to this email to add a comment to the issue online.
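
The change the issue asks for, as an added illustration that is not code from Chukwa or from the reporter: a query built by concatenating a request parameter, beside the same query with a bound placeholder. It uses Python's sqlite3 so that it runs stand-alone (in the JSP the equivalent is a JDBC PreparedStatement with `?` placeholders); the `samples` table, its columns and all data are constructed assumptions, not Chukwa's schema.

```python
import sqlite3

def make_db():
    # Constructed sample data; table and column names are assumptions.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE samples (host TEXT, metric TEXT, value REAL)")
    db.executemany(
        "INSERT INTO samples VALUES (?, ?, ?)",
        [("node1", "cpu_user", 12.5),
         ("node1", "mem_used", 70.1),
         ("node2", "cpu_user", 33.0)],
    )
    return db

def query_concatenated(db, metric):
    # Weak form: the request parameter becomes part of the SQL text,
    # so quote characters in it change the statement's structure.
    sql = "SELECT host, value FROM samples WHERE metric = '" + metric + "'"
    return db.execute(sql).fetchall()

def query_prepared(db, metric):
    # Hardened form: the SQL text is fixed and the value is bound to the
    # placeholder, so it is only ever compared as data.
    sql = "SELECT host, value FROM samples WHERE metric = ?"
    return db.execute(sql, (metric,)).fetchall()

ALLOWED_COLUMNS = {"host", "metric", "value"}

def query_column(db, column, metric):
    # Placeholders bind values only. When a request parameter selects a
    # column or table name, check it against a fixed allowlist first.
    if column not in ALLOWED_COLUMNS:
        raise ValueError("unknown column: %r" % column)
    sql = "SELECT %s FROM samples WHERE metric = ?" % column
    return [row[0] for row in db.execute(sql, (metric,))]

if __name__ == "__main__":
    db = make_db()
    crafted = "x' OR '1'='1"  # constructed input containing quote characters
    print("concatenated rows:", len(query_concatenated(db, crafted)))
    print("prepared rows:    ", len(query_prepared(db, crafted)))
    print("allowlisted column:", query_column(db, "value", "cpu_user"))
```

The allowlist case matters when reviewing the remaining call sites: a parameter that names a column or table cannot be bound, so switching the API alone does not cover it.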