fineract-commits mailing list archives

From GitBox <...@apache.org>
Subject [GitHub] [fineract] vorburger opened a new pull request #725: Fix audit trails filter (FINERACT-808)
Date Sun, 08 Mar 2020 17:21:11 GMT
vorburger opened a new pull request #725: Fix audit trails filter (FINERACT-808)
URL: https://github.com/apache/fineract/pull/725
   As per the great analysis by Manthan Surkar (@thesmallstar) in the original PR #723, the cause of the [FINERACT-808](https://issues.apache.org/jira/browse/FINERACT-808) bug was that "the backend would treat "UPDATE" and similar strings as SQL injection".

   The root cause of that was that (IMHO..) how Fineract does SQL injection is more of a workaround (blacklisting some keywords and some heuristic checks) than how this really should be done (by using JDBC Prepared statements with arguments for all external data, instead of inlined SQL).

   This also lays the foundation for more like this in [FINERACT-854](https://issues.apache.org/jira/browse/FINERACT-854).

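The contrast the PR description draws, as an added illustration that is not part of the pull request or of Fineract's code: a keyword blacklist rejects a legitimate audit-trail filter value such as `UPDATE` (the FINERACT-808 symptom) while still letting an inlined value alter the query, whereas a parameterised statement returns the right rows and treats any value as data. The blacklist, the `m_audit` table and its rows are constructed stand-ins for this example; SQLite is used in place of Fineract's JDBC/MySQL setup so the script runs offline.

```python
import re
import sqlite3

# Constructed keyword blacklist in the spirit of the heuristic check the PR
# describes. It is NOT Fineract's actual list; it exists only to show the
# behaviour of this approach.
BLACKLISTED_KEYWORDS = ("select", "insert", "update", "delete", "drop", "union")


def blacklist_rejects(value: str) -> bool:
    """True if the heuristic would reject the value as a suspected injection."""
    return any(
        re.search(rf"\b{kw}\b", value, re.IGNORECASE) for kw in BLACKLISTED_KEYWORDS
    )


# Constructed audit-trail rows: (action, entity, maker).
SAMPLE_AUDIT_ROWS = [
    ("CREATE", "CLIENT", "mifos"),
    ("UPDATE", "CLIENT", "mifos"),
    ("UPDATE", "LOAN", "admin"),
    ("DELETE", "LOAN", "admin"),
]


def make_db() -> sqlite3.Connection:
    """In-memory table standing in for the audit trail (hypothetical schema)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE m_audit (action TEXT, entity TEXT, maker TEXT)")
    conn.executemany("INSERT INTO m_audit VALUES (?, ?, ?)", SAMPLE_AUDIT_ROWS)
    return conn


def filter_audit_with_blacklist(conn: sqlite3.Connection, action: str) -> list:
    """The workaround: blacklist check, then the value is inlined into the SQL text."""
    if blacklist_rejects(action):
        raise ValueError(f"rejected as suspected SQL injection: {action!r}")
    # Inlined SQL: whatever survives the blacklist becomes part of the statement.
    sql = f"SELECT action, entity, maker FROM m_audit WHERE action = '{action}'"
    return conn.execute(sql).fetchall()


def filter_audit_with_prepared(conn: sqlite3.Connection, action: str) -> list:
    """The fix the PR argues for: the value is bound as a parameter, never parsed as SQL."""
    sql = "SELECT action, entity, maker FROM m_audit WHERE action = ?"
    return conn.execute(sql, (action,)).fetchall()


def demo() -> dict:
    """Run both approaches over the same inputs and collect what each returns."""
    conn = make_db()
    results = {}
    # Legitimate filter value that happens to be a SQL keyword (the FINERACT-808 case).
    try:
        results["blacklist_update"] = filter_audit_with_blacklist(conn, "UPDATE")
    except ValueError as exc:
        results["blacklist_update"] = str(exc)
    results["prepared_update"] = filter_audit_with_prepared(conn, "UPDATE")
    # A value containing no blacklisted keyword still changes the inlined query,
    # but is matched literally (and so matches nothing) when bound as a parameter.
    results["blacklist_quoted"] = filter_audit_with_blacklist(conn, "x' OR '1'='1")
    results["prepared_quoted"] = filter_audit_with_prepared(conn, "x' OR '1'='1")
    return results


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The prepared-statement path needs no keyword list at all: the binding keeps the SQL text fixed, so `UPDATE` is simply a string to compare against the `action` column, which is exactly what the audit filter wants.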