[
https://issues.apache.org/jira/browse/CHUKWA-108?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12716957#action_12716957
]
Hudson commented on CHUKWA-108:
-------------------------------
Integrated in Chukwa-trunk #45 (See
[http://hudson.zones.apache.org/hudson/job/Chukwa-trunk/45/])
> Use prepared statement to prevent sql injection attacks
> -------------------------------------------------------
>
> Key: CHUKWA-108
> URL: https://issues.apache.org/jira/browse/CHUKWA-108
> Project: Hadoop Chukwa
> Issue Type: Improvement
> Components: Data Processors
> Affects Versions: 0.2.0
> Reporter: Eric Yang
> Assignee: Eric Yang
> Attachments: CHUKWA-108.patch
>
>
> To prevent SQL Injection attacks, you should use prepared statements. There
> are many places where the SQL query is executed and in at least a couple of
> places the input parameter from the user is used in the query. (metric in
> web/hicc/jsp/single-series-chart-javascript.jsp) though in many places the
> parameters in the select statement do not seem to come from the user input.
> Please use prepared statement consistently to prevent sql injection attacks.
--
This message is automatically generated by JIRA.
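
An added illustration of the recommendation in the issue description, not code from Chukwa or from the attached patch: it uses Python's sqlite3 placeholders as a stand-in for a JDBC prepared statement, and the table, column names and sample rows are constructed. It also covers the case where a request parameter names a column, which a placeholder cannot bind; whether `metric` is used that way in the JSP is an assumption.

```python
import sqlite3

def make_db():
    # Constructed sample data; the schema is hypothetical, not Chukwa's.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE samples (host TEXT, metric TEXT, value REAL)")
    db.executemany("INSERT INTO samples VALUES (?, ?, ?)", [
        ("node1", "cpu_user", 12.5),
        ("node1", "mem_used", 61.0),
        ("node2", "cpu_user", 40.0),
    ])
    return db

def query_concatenated(db, metric):
    # Before: the request parameter is spliced into the SQL text,
    # so the database parses whatever it contains as SQL.
    sql = ("SELECT host, value FROM samples WHERE metric = '"
           + metric + "' ORDER BY host")
    return db.execute(sql).fetchall()

def query_prepared(db, metric):
    # After: the statement text is fixed and the parameter is bound
    # as a value, so quotes inside it are just characters to compare.
    sql = "SELECT host, value FROM samples WHERE metric = ? ORDER BY host"
    return db.execute(sql, (metric,)).fetchall()

# Placeholders bind values only. If a parameter selects a column or table,
# map it through a fixed allowlist before it reaches the SQL text.
ALLOWED_COLUMNS = {"host", "value"}

def query_column(db, column, metric):
    if column not in ALLOWED_COLUMNS:
        raise ValueError("unknown column requested")
    sql = "SELECT " + column + " FROM samples WHERE metric = ?"
    return db.execute(sql, (metric,)).fetchall()

if __name__ == "__main__":
    db = make_db()
    hostile = "cpu_user' OR '1'='1"  # constructed input containing a quote
    print("concatenated:", query_concatenated(db, hostile))
    print("prepared:    ", query_prepared(db, hostile))
    print("prepared ok: ", query_prepared(db, "cpu_user"))
```
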