Return-Path: Delivered-To: apmail-hadoop-chukwa-dev-archive@minotaur.apache.org Received: (qmail 60666 invoked from network); 8 Apr 2009 20:52:34 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.3) by minotaur.apache.org with SMTP; 8 Apr 2009 20:52:34 -0000 Received: (qmail 82202 invoked by uid 500); 8 Apr 2009 20:52:34 -0000 Delivered-To: apmail-hadoop-chukwa-dev-archive@hadoop.apache.org Received: (qmail 82187 invoked by uid 500); 8 Apr 2009 20:52:34 -0000 Mailing-List: contact chukwa-dev-help@hadoop.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: chukwa-dev@hadoop.apache.org Delivered-To: mailing list chukwa-dev@hadoop.apache.org Received: (qmail 82177 invoked by uid 99); 8 Apr 2009 20:52:34 -0000 Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 08 Apr 2009 20:52:34 +0000 X-ASF-Spam-Status: No, hits=-2000.0 required=10.0 tests=ALL_TRUSTED X-Spam-Check-By: apache.org Received: from [140.211.11.140] (HELO brutus.apache.org) (140.211.11.140) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 08 Apr 2009 20:52:33 +0000 Received: from brutus (localhost [127.0.0.1]) by brutus.apache.org (Postfix) with ESMTP id 479FF234C004 for ; Wed, 8 Apr 2009 13:52:13 -0700 (PDT) Message-ID: <1106709343.1239223933278.JavaMail.jira@brutus> Date: Wed, 8 Apr 2009 13:52:13 -0700 (PDT) From: "Eric Yang (JIRA)" To: chukwa-dev@hadoop.apache.org Subject: [jira] Created: (CHUKWA-108) Use prepared statement to prevent sql injection attacks MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit X-JIRA-FingerPrint: 30527f35849b9dde25b450d4833f0394 X-Virus-Checked: Checked by ClamAV on apache.org Use prepared statement to prevent sql injection attacks ------------------------------------------------------- Key: CHUKWA-108 URL: https://issues.apache.org/jira/browse/CHUKWA-108 Project: Hadoop Chukwa Issue Type: Improvement Components: Data Processors Reporter: Eric Yang To prevent SQL Injection attacks, you should use prepared statements. There are many places where the SQL query is executed and in atleast a couple of places the input parameter from the user is used in the query. (metric in web/hicc/jsp/single-series-chart-javascript.jsp") though in many places the parameters in the select statement do not seem to come from the user input. Please use prepared statement consistently to prevent sql injection attacks. -- This message is automatically generated by JIRA. - You can reply to this email to add a comment to the issue online.