From: Alexey Kukushkin
Date: Mon, 21 Aug 2017 13:30:06 +0300
Subject: Re: sql Injection prevention in ignite
To: user@ignite.apache.org
In-Reply-To: <1503299887306-16321.post@n6.nabble.com>

Hi,

Yes, Ignite prevents SQL injection.

Also, I think PreparedStatement is not about preventing you from SQL injection. PreparedStatement is about compiling a query so that it can be efficiently re-used if executed multiple times. What prevents SQL injection is binding parameters instead of concatenating them and making them part of the SQL. If you check IgniteH2Indexing.preparedStatementWithParams() you would find that this is exactly what Ignite does - it binds parameters to the statement.

On Mon, Aug 21, 2017 at 10:18 AM, kotamrajuyashasvi <kotamrajuyashasvi@gmail.com> wrote:

> Hi
>
> Using PreparedStatement of JDBC we can avoid/prevent sql Injection. Does
> *SqlFieldsQuery.setArgs(..)* in ignite also have the same functionality to
> prevent sql Injection, or are there any other ways to prevent sql Injection
> in ignite?
>
> --
> View this message in context: http://apache-ignite-users.70518.x6.nabble.com/sql-Injection-prevention-in-ignite-tp16321.html
> Sent from the Apache Ignite Users mailing list archive at Nabble.com.

--
Best regards,
Alexey
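The difference between concatenating and binding that the reply describes, as an added example that is not part of the original thread or of the Ignite code base. The `Person` class, the cache name `person` and the input string are constructed for illustration, and the code assumes `ignite-core` and `ignite-indexing` are on the classpath.

```java
import java.util.List;
import org.apache.ignite.Ignite;
import org.apache.ignite.IgniteCache;
import org.apache.ignite.Ignition;
import org.apache.ignite.cache.query.SqlFieldsQuery;
import org.apache.ignite.cache.query.annotations.QuerySqlField;
import org.apache.ignite.configuration.CacheConfiguration;

public class SetArgsBindingExample {
    // Hypothetical value type; annotated fields become SQL columns of table Person.
    static class Person {
        @QuerySqlField String name;
        @QuerySqlField int salary;
        Person(String name, int salary) { this.name = name; this.salary = salary; }
    }

    // Weak form: the input becomes part of the SQL text, so a quote character
    // in it can change the structure of the WHERE clause.
    static SqlFieldsQuery concatenated(String name) {
        return new SqlFieldsQuery(
            "select name, salary from Person where name = '" + name + "'");
    }

    // Corrected form: the SQL text is constant and the input is bound to the
    // ? placeholder through setArgs, so it is only ever compared as a value.
    static SqlFieldsQuery bound(String name) {
        return new SqlFieldsQuery(
            "select name, salary from Person where name = ?").setArgs(name);
    }

    public static void main(String[] args) {
        try (Ignite ignite = Ignition.start()) {
            CacheConfiguration<Integer, Person> cfg = new CacheConfiguration<>("person");
            cfg.setIndexedTypes(Integer.class, Person.class);
            IgniteCache<Integer, Person> cache = ignite.getOrCreateCache(cfg);
            cache.put(1, new Person("alice", 100));
            cache.put(2, new Person("bob", 200));

            String input = "x' OR '1'='1"; // constructed input, matches no stored name
            List<List<?>> viaConcat = cache.query(concatenated(input)).getAll();
            List<List<?>> viaBind = cache.query(bound(input)).getAll();

            // The concatenated query's predicate was rewritten by the input;
            // the bound query looked for a person literally named x' OR '1'='1.
            System.out.println("rows via concatenation: " + viaConcat.size());
            System.out.println("rows via setArgs:       " + viaBind.size());
        }
    }
}
```

`setArgs` protects only the values it binds: a query whose text is itself assembled from input is still exposed even when other parts of it use `?` placeholders.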