[ https://issues.apache.org/jira/browse/CLOUDSTACK-8805?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14736646#comment-14736646 ]
ASF GitHub Bot commented on CLOUDSTACK-8805: -------------------------------------------- Github user rafaelweingartner commented on the pull request: https://github.com/apache/cloudstack/pull/775#issuecomment-138872339 @nitin-maharana, when I said that the String concatenation there might make ACS vulnerable to SQL injection attacks, I did not mean that your PR did that. What I meant was that the code that is there, even before your PR, is making ACs vulnerable. I just mentioned about the vulnerability here to register the thought, so others can also think about the problem that might exist. I do not know much of ACS DAOs, but if in other places such as VM API (in which users have access), the same String concatenations are used that can be a huge problem. Besides that the code LGTM. > Domains become inactive automatically. > -------------------------------------- > > Key: CLOUDSTACK-8805 > URL: https://issues.apache.org/jira/browse/CLOUDSTACK-8805 > Project: CloudStack > Issue Type: Bug > Security Level: Public(Anyone can view this level - this is the > default.) > Reporter: Nitin Kumar Maharana > > If there is a domain with name '%', if we force delete the '%' domain then > all the other domains become inactive except Root domain. -- This message was sent by Atlassian JIRA (v6.3.4#6332)