ok so it sounds like it's safe :) I'm not parsing it at all, that's my point, I'm taking what ever the user types and doing a Bytes.toBytes(s); on it and using it as the column qualifier. I was more or less wondering if there were control characters that could lead to anomalies or sql-injection-like hacks. It sounds like the answer is "no".
Thanks. On 9/30/14, Nick Dimiduk <[email protected]> wrote: > This depends more on your parsing code than on HBase. All values are > converted into byte[]'s for HBase. Once your code has parsed the user input > and generated the byte[], there's no place for ambiguity on the HBase side. > > On Tue, Sep 30, 2014 at 5:19 PM, Ted <[email protected]> wrote: > >> Hi I'm wondering if it's safe to use user inputed values as column >> qualifiers. >> >> I realised there maybe a sensible size limit, but that's easily checked. >> >> The scenario is if you wanted to store simple key/value pairs into >> column/values like perhaps some ones preferences like : >> >> FavouriteColour=Red >> FavouritePet=Cat >> >> where the user may get to choose both the key and value. >> >> Basically the concern is special characters and or special parsing of >> the column names, as an example the column names are allegedly = >> <family_name> : <column_qualifier> >> >> so what happens if people put more colons in the qualifier and or >> escape characters like backspace or other control characters etc? Is >> there any danger or is it all just uninterpreted bytes values after >> the first colon? >> >> thanks >> -- >> Ted. >> > -- Ted.
