Return-Path: Delivered-To: apmail-hadoop-chukwa-dev-archive@minotaur.apache.org Received: (qmail 802 invoked from network); 12 May 2009 23:23:10 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.3) by minotaur.apache.org with SMTP; 12 May 2009 23:23:10 -0000 Received: (qmail 21303 invoked by uid 500); 12 May 2009 23:23:09 -0000 Delivered-To: apmail-hadoop-chukwa-dev-archive@hadoop.apache.org Received: (qmail 21289 invoked by uid 500); 12 May 2009 23:23:09 -0000 Mailing-List: contact chukwa-dev-help@hadoop.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: chukwa-dev@hadoop.apache.org Delivered-To: mailing list chukwa-dev@hadoop.apache.org Received: (qmail 21279 invoked by uid 99); 12 May 2009 23:23:09 -0000 Received: from nike.apache.org (HELO nike.apache.org) (192.87.106.230) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 12 May 2009 23:23:09 +0000 X-ASF-Spam-Status: No, hits=-2000.0 required=10.0 tests=ALL_TRUSTED X-Spam-Check-By: apache.org Received: from [140.211.11.140] (HELO brutus.apache.org) (140.211.11.140) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 12 May 2009 23:23:06 +0000 Received: from brutus (localhost [127.0.0.1]) by brutus.apache.org (Postfix) with ESMTP id 9796A234C004 for ; Tue, 12 May 2009 16:22:45 -0700 (PDT) Message-ID: <2002211688.1242170565606.JavaMail.jira@brutus> Date: Tue, 12 May 2009 16:22:45 -0700 (PDT) From: "Mac Yang (JIRA)" To: chukwa-dev@hadoop.apache.org Subject: [jira] Commented: (CHUKWA-108) Use prepared statement to prevent sql injection attacks In-Reply-To: <1106709343.1239223933278.JavaMail.jira@brutus> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit X-JIRA-FingerPrint: 30527f35849b9dde25b450d4833f0394 X-Virus-Checked: Checked by ClamAV on apache.org [ https://issues.apache.org/jira/browse/CHUKWA-108?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12708684#action_12708684 ] Mac Yang commented on CHUKWA-108: --------------------------------- this is for trunk > Use prepared statement to prevent sql injection attacks > ------------------------------------------------------- > > Key: CHUKWA-108 > URL: https://issues.apache.org/jira/browse/CHUKWA-108 > Project: Hadoop Chukwa > Issue Type: Improvement > Components: Data Processors > Reporter: Eric Yang > Assignee: Eric Yang > Attachments: CHUKWA-108.patch > > > To prevent SQL Injection attacks, you should use prepared statements. There are many places where the SQL query is executed and in atleast a couple of places the input parameter from the user is used in the query. (metric in web/hicc/jsp/single-series-chart-javascript.jsp") though in many places the parameters in the select statement do not seem to come from the user input. > Please use prepared statement consistently to prevent sql injection attacks. -- This message is automatically generated by JIRA. - You can reply to this email to add a comment to the issue online.