drill-dev mailing list archives

From Veera Naranammalpuram <vnaranammalpu...@maprtech.com>
Subject Re: [jira] [Created] (DRILL-5079) PreparedStatement dynamic parameters to avoid SQL Injection test
Date Mon, 28 Nov 2016 14:41:53 GMT
Can someone please apply a label of "Security" also to this JIRA?

Thanks,

-Veera

On Mon, Nov 28, 2016 at 7:25 AM, Wahyu Sudrajat (JIRA) <jira@apache.org>
wrote:

> Wahyu Sudrajat created DRILL-5079:
> -------------------------------------
>
>              Summary: PreparedStatement dynamic parameters to avoid SQL
> Injection test
>                  Key: DRILL-5079
>                  URL: https://issues.apache.org/jira/browse/DRILL-5079
>              Project: Apache Drill
>           Issue Type: Improvement
>           Components: Client - JDBC
>     Affects Versions: 1.8.0
>             Reporter: Wahyu Sudrajat
>             Priority: Critical
>
>
> Capability to use PreparedStatement with dynamic parameters to prevent SQL
> Injection.
>
> For example:
> select  * from PEOPLE where FIRST_NAME = ? and LAST_NAME = ? limit 100
>
> As for now, Drill will return:
> Error Message:PreparedStatementCallback; uncategorized SQLException for
> SQL []; SQL state [null]; error code [0]; Failed to create prepared
> statement: PLAN ERROR: Cannot convert RexNode to equivalent Drill
> expression. RexNode Class: org.apache.calcite.rex.RexDynamicParam,
> RexNode Digest: ?0
>
>
>
> --
> This message was sent by Atlassian JIRA
> (v6.3.4#6332)
>



-- 
Veera Naranammalpuram
Product Specialist - SQL on Hadoop
*MapR Technologies (www.mapr.com <http://www.mapr.com>)*
*(Email) vnaranammalpuram@maprtech.com <naranammalpuram@maprtech.com>*
*(Mobile) 917 683 8116 - can text *
*Timezone: ET (UTC -5:00 / -4:00)*
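
The parameter binding requested in the quoted JIRA, as an added example that is not part of the original message or of Drill's code. Python's sqlite3 with an in-memory database stands in for the Drill JDBC driver (an assumption, since the quoted error shows Drill rejecting `?`), and the rows and the helper names `make_db`, `find_concat`, `find_bound` and `compare` are constructed for illustration.

```python
import sqlite3

# Constructed sample rows; SQLite stands in for Drill, sqlite3 for JDBC.
ROWS = [("Ann", "Lee"), ("Bob", "O'Brien"), ("Cy", "Ng")]

def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE PEOPLE (FIRST_NAME TEXT, LAST_NAME TEXT)")
    db.executemany("INSERT INTO PEOPLE VALUES (?, ?)", ROWS)
    return db

def find_concat(db, first, last):
    # Vulnerable form: the values become part of the SQL text and are parsed as SQL.
    sql = ("select * from PEOPLE where FIRST_NAME = '" + first +
           "' and LAST_NAME = '" + last + "' limit 100")
    return db.execute(sql).fetchall()

def find_bound(db, first, last):
    # Query from the JIRA: each ? is a dynamic parameter, bound as data only.
    sql = "select * from PEOPLE where FIRST_NAME = ? and LAST_NAME = ? limit 100"
    return db.execute(sql, (first, last)).fetchall()

def compare(first, last):
    """Run both forms on a fresh database; return (concat_result, bound_result)."""
    db = make_db()
    try:
        concat = find_concat(db, first, last)
    except sqlite3.OperationalError as exc:
        # A quote inside the value changed the statement's syntax.
        concat = "error: " + str(exc)
    return concat, find_bound(db, first, last)

if __name__ == "__main__":
    cases = [
        ("Ann", "Lee"),            # ordinary value: both forms agree
        ("Bob", "O'Brien"),        # legitimate apostrophe: concatenation breaks
        ("x", "x' or '1'='1"),     # quote plus tautology: concatenation matches every row
    ]
    for first, last in cases:
        concat, bound = compare(first, last)
        print(repr(last), "-> concatenated:", concat, "| bound:", bound)
```

With binding, the apostrophe in a legitimate surname and the quote in the crafted value are both compared as literal strings, so the statement's structure never changes.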
