[jira] [Resolved] (PHOENIX-699) Ensure that the SQL generated for PhoenixDatabaseMetaData.getColumns doesn't allow SQL-injection

James Taylor (JIRA) Thu, 01 May 2014 21:55:27 -0700

     [ 
https://issues.apache.org/jira/browse/PHOENIX-699?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]


James Taylor resolved PHOENIX-699.
----------------------------------

       Resolution: Fixed
    Fix Version/s: 5.0.0
                   4.0.0
                   3.0.0

> Ensure that the SQL generated for PhoenixDatabaseMetaData.getColumns doesn't 
> allow SQL-injection
> ------------------------------------------------------------------------------------------------
>
>                 Key: PHOENIX-699
>                 URL: https://issues.apache.org/jira/browse/PHOENIX-699
>             Project: Phoenix
>          Issue Type: Task
>    Affects Versions: 3.0-Release
>            Reporter: James Taylor
>            Assignee: Julian Hyde
>             Fix For: 3.0.0, 4.0.0, 5.0.0
>
>
> For example:
>        PhoenixDatabaseMetaData metaData;
>         metaData.getColumns(null, null, "anything' or 1 = 1 or 'anything", 
> null);
> Ensure that the columns argument is used only as the second argument to a 
> LIKE expression without any trailing characters.



--
This message was sent by Atlassian JIRA
(v6.2#6252)

[jira] [Resolved] (PHOENIX-699) Ensure that the SQL generated for PhoenixDatabaseMetaData.getColumns doesn't allow SQL-injection

Reply via email to