adamsaghy commented on PR #5916: URL: https://github.com/apache/fineract/pull/5916#issuecomment-4615452219
> > I like the idea, but second @meonkeys and @vidakovic regarding we should have a central place for sql validation and rules and reuse that.
>
> I did not say that and I'm not reviewing this PR, but FWIW it sounds like a good idea?

To the idea of using prepared statements wherever possible and input value sanitization and validation: yes, I do think it’s a good direction. To implement it locally: not so much.

I would probably wire and move this logic into the `SqlValidator`. There, I would define rules (which could be hardcoded, but probably we should have an SQL dictionary) and regular expressions or user-defined rules that could be configurable (to some extent).

I suppose the main point here is to avoid having a local solution but a centralized one.
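
One way the centralized approach described in the comment above could look, as an added example that is not code from the PR or from Fineract: a single class holds a hard-coded reserved-word dictionary plus named, configurable regex rules, and callers bind values through `?` placeholders. The class name `CentralSqlRules`, the rule name `identifier`, and the table and column names are hypothetical.

```java
import java.util.HashMap;
import java.util.Locale;
import java.util.Map;
import java.util.Set;
import java.util.regex.Pattern;

// Hypothetical central rule holder for illustration; not Fineract's SqlValidator.
public final class CentralSqlRules {
    // Hard-coded "SQL dictionary": reserved words never accepted as an identifier.
    private static final Set<String> DICTIONARY =
            Set.of("select", "union", "drop", "insert", "update", "delete", "exec");

    // Named regex rules; assumed to come from configuration in a real deployment.
    private final Map<String, Pattern> rules = new HashMap<>();

    public CentralSqlRules(Map<String, String> configuredRules) {
        configuredRules.forEach((name, regex) -> rules.put(name, Pattern.compile(regex)));
    }

    // Returns the input unchanged if it passes the named rule, otherwise throws.
    public String require(String ruleName, String input) {
        Pattern rule = rules.get(ruleName);
        if (rule == null) {
            throw new IllegalStateException("unknown rule: " + ruleName);
        }
        if (input == null || !rule.matcher(input).matches()) {
            throw new IllegalArgumentException("rejected by rule '" + ruleName + "'");
        }
        if (DICTIONARY.contains(input.toLowerCase(Locale.ROOT))) {
            throw new IllegalArgumentException("reserved word used as identifier");
        }
        return input;
    }

    public static void main(String[] args) {
        // Constructed rule set and inputs, for illustration only.
        CentralSqlRules central =
                new CentralSqlRules(Map.of("identifier", "[A-Za-z_][A-Za-z0-9_]{0,63}"));
        // Identifiers cannot be bound as parameters, so they pass through the central rules;
        // the value stays a '?' placeholder for a PreparedStatement.
        String sql = "SELECT id FROM " + central.require("identifier", "client_table")
                + " WHERE " + central.require("identifier", "display_name") + " = ?";
        System.out.println(sql);
        for (String bad : new String[] {"client_table; --", "select"}) {
            try {
                central.require("identifier", bad);
            } catch (IllegalArgumentException e) {
                System.out.println("rejected: " + bad + " (" + e.getMessage() + ")");
            }
        }
    }
}
```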
