kylin-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Xiaqing Wang (JIRA)" <j...@apache.org>
Subject [jira] [Created] (KYLIN-2696) Check SQL injection in model filter condition
Date Thu, 29 Jun 2017 06:36:00 GMT
Xiaqing Wang created KYLIN-2696:
-----------------------------------

             Summary: Check SQL injection in model filter condition
                 Key: KYLIN-2696
                 URL: https://issues.apache.org/jira/browse/KYLIN-2696
             Project: Kylin
          Issue Type: Bug
            Reporter: Xiaqing Wang


We should check the model filter condition in case of someone make use of it to do SQL injection
to Hive. 

Since it is a String embed into a WHERE clause, we simply forbid it to include ';' character,
except it is within a pair of quotations. 



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

Mime
View raw message