ptuomola commented on a change in pull request #1671:
URL: https://github.com/apache/fineract/pull/1671#discussion_r611248666
##########
File path:
fineract-provider/src/main/java/org/apache/fineract/infrastructure/security/service/JdbcTenantDetailsService.java
##########
@@ -49,7 +49,9 @@ public
JdbcTenantDetailsService(@Qualifier("hikariTenantDataSource") final DataS
private static final class TenantMapper implements
RowMapper<FineractPlatformTenant> {
- private final StringBuilder sqlBuilder = new StringBuilder("t.id,
ts.id as connectionId , ")//
+ private final String tenantIdentifier;
Review comment:
I think leaving the concatenation as-is would be OK - as you say, we are
not concatenating any user input / parameters but simply the hardcoded list of
columns returned by a function. I don't think that introduces any additional
security etc risks.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
[email protected]
