Use prepared statement to prevent sql injection attacks
-------------------------------------------------------
Key: CHUKWA-108
URL: https://issues.apache.org/jira/browse/CHUKWA-108
Project: Hadoop Chukwa
Issue Type: Improvement
Components: Data Processors
Reporter: Eric Yang
To prevent SQL injection attacks, you should use prepared statements. There are
many places where the SQL query is executed, and in at least a couple of places
the input parameter from the user is used in the query (metric in
web/hicc/jsp/single-series-chart-javascript.jsp), though in many places the
parameters in the select statement do not seem to come from the user input.
Please use prepared statements consistently to prevent SQL injection attacks.
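The change requested above, sketched as an added example that is not code from Chukwa or from the reporter: a user-supplied `metric` value is concatenated into a query, then bound through a placeholder, and the example goes one step beyond the report to cover a user-chosen column name, which a placeholder cannot bind. It uses Python's `sqlite3` so it runs stand-alone (the `?` placeholder plays the role of a JDBC `PreparedStatement` parameter); the `samples` table, its columns and all data are assumptions constructed for the illustration.

```python
import sqlite3

def make_db():
    # Constructed sample data; table and column names are hypothetical,
    # not Chukwa's schema.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE samples (metric TEXT, host TEXT, value REAL)")
    db.executemany("INSERT INTO samples VALUES (?, ?, ?)", [
        ("cpu_user", "node1", 12.5),
        ("cpu_user", "node2", 30.0),
        ("mem_used", "node1", 2048.0),
    ])
    return db

def query_concatenated(db, metric):
    # Before: the request parameter becomes part of the SQL text itself.
    sql = "SELECT host, value FROM samples WHERE metric = '" + metric + "'"
    return db.execute(sql).fetchall()

def query_prepared(db, metric):
    # After: the SQL text is fixed and the parameter is bound as data only.
    sql = "SELECT host, value FROM samples WHERE metric = ?"
    return db.execute(sql, (metric,)).fetchall()

ALLOWED_ORDER = {"host", "value"}  # hypothetical set of sortable columns

def query_prepared_sorted(db, metric, order_by):
    # Placeholders bind values, not identifiers, so a user-chosen column
    # name is checked against a fixed allowlist before it reaches the SQL.
    if order_by not in ALLOWED_ORDER:
        raise ValueError("unsupported sort column")
    sql = ("SELECT host, value FROM samples WHERE metric = ? "
           "ORDER BY " + order_by)
    return db.execute(sql, (metric,)).fetchall()

# Constructed input whose quote characters change the concatenated query.
CRAFTED = "cpu_user' OR '1'='1"

if __name__ == "__main__":
    db = make_db()
    print(len(query_concatenated(db, CRAFTED)))   # every row in the table
    print(len(query_prepared(db, CRAFTED)))       # no metric has that name
    print(query_prepared_sorted(db, "cpu_user", "value"))
```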