hive-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Vihang Karajgaonkar (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HIVE-16035) Investigate potential SQL injection vulnerability in Hive
Date Fri, 24 Feb 2017 21:40:44 GMT

    [ https://issues.apache.org/jira/browse/HIVE-16035?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15883568#comment-15883568
] 

Vihang Karajgaonkar commented on HIVE-16035:
--------------------------------------------

Thanks [~thejas] I was not aware. I tried closing this but there is no "close" option. Resolved
it as Invalid for now.

> Investigate potential SQL injection vulnerability in Hive
> ---------------------------------------------------------
>
>                 Key: HIVE-16035
>                 URL: https://issues.apache.org/jira/browse/HIVE-16035
>             Project: Hive
>          Issue Type: Bug
>          Components: Hive
>            Reporter: Vihang Karajgaonkar
>            Assignee: Vihang Karajgaonkar
>
> Some of the queries in ObjectStore and MetastoreDirectSql classes append Strings variables
directly to the query text. This JIRA is to investigate the possible vulnerabilities and fix
them using parameterized queries.



--
This message was sent by Atlassian JIRA
(v6.3.15#6346)

Mime
View raw message