Manjunatha-h opened a new pull request, #8025: URL: https://github.com/apache/gravitino/pull/8025
Title: [#8017] fix: use SQL prepared statements in JdbcDatabaseOperations and PostgreSqlSchemaOperations

What changes were proposed in this pull request?

Replaced direct SQL statement execution with prepared statements in JdbcDatabaseOperations.java and PostgreSqlSchemaOperations.java to improve security and prevent SQL injection vulnerabilities.

Why are the changes needed?

Direct SQL execution can lead to SQL injection risks. Prepared statements ensure that query parameters are safely bound, improving both security and reliability. This change aligns with best practices for database access in Java.

Fix: #8017

Does this PR introduce any user-facing change?

No. This is an internal improvement that does not change the public API or user-facing behavior.

How was this patch tested?

Verified that database operations still function as expected using prepared statements. Ran existing unit tests to ensure no regressions were introduced. Checked that queries execute correctly with different parameter values.

--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at: [email protected]
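An added example, not code from this pull request or from Gravitino: JDBC parameter markers bind values only, so a schema name used as data can be bound with `?`, while a schema name used as an identifier in DDL has to be quoted instead. The class and method names are hypothetical, and the PostgreSQL `information_schema.schemata` lookup is an assumed query chosen for illustration.

```java
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;

// Added illustration; class and method names are hypothetical, not Gravitino's code.
public class SchemaSqlExample {

  // Value position: the schema name is compared as data, so it can be bound with '?'.
  static boolean schemaExists(Connection conn, String schema) throws SQLException {
    String sql = "SELECT 1 FROM information_schema.schemata WHERE schema_name = ?";
    try (PreparedStatement ps = conn.prepareStatement(sql)) {
      ps.setString(1, schema);
      try (ResultSet rs = ps.executeQuery()) {
        return rs.next();
      }
    }
  }

  // Identifier position: '?' cannot stand in for a schema name in DDL, so the name
  // is quoted as a PostgreSQL identifier, with embedded double quotes doubled.
  static String quoteIdentifier(String name) {
    if (name == null || name.isEmpty() || name.indexOf('\0') >= 0) {
      throw new IllegalArgumentException("invalid identifier");
    }
    return "\"" + name.replace("\"", "\"\"") + "\"";
  }

  static String dropSchemaSql(String schema, boolean cascade) {
    return "DROP SCHEMA " + quoteIdentifier(schema) + (cascade ? " CASCADE" : "");
  }

  public static void main(String[] args) {
    // Constructed inputs: an ordinary name and one carrying a quote and a semicolon.
    String[] samples = {"sales", "tenant\"; SELECT 1; --"};
    for (String s : samples) {
      // The second name stays inside one quoted identifier: "tenant""; SELECT 1; --"
      System.out.println(dropSchemaSql(s, false));
    }
  }
}
```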
