chukwa-dev mailing list archives

From "Hudson (JIRA)" <j...@apache.org>
Subject [jira] Commented: (CHUKWA-108) Use prepared statement to prevent sql injection attacks
Date Sat, 06 Jun 2009 23:08:09 GMT

    [ https://issues.apache.org/jira/browse/CHUKWA-108?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12716957#action_12716957 ]

Hudson commented on CHUKWA-108:
-------------------------------

Integrated in Chukwa-trunk #45 (See [http://hudson.zones.apache.org/hudson/job/Chukwa-trunk/45/])
    

> Use prepared statement to prevent sql injection attacks
> -------------------------------------------------------
>
>                 Key: CHUKWA-108
>                 URL: https://issues.apache.org/jira/browse/CHUKWA-108
>             Project: Hadoop Chukwa
>          Issue Type: Improvement
>          Components: Data Processors
>    Affects Versions: 0.2.0
>            Reporter: Eric Yang
>            Assignee: Eric Yang
>         Attachments: CHUKWA-108.patch
>
>
> To prevent SQL injection attacks, you should use prepared statements. There are many
> places where the SQL query is executed, and in at least a couple of places the input parameter
> from the user is used in the query (metric in web/hicc/jsp/single-series-chart-javascript.jsp),
> though in many places the parameters in the select statement do not seem to come from the
> user input.
> Please use prepared statements consistently to prevent SQL injection attacks.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

