Can someone please apply a label of "Security" also to this JIRA?
Thanks,
-Veera

On Mon, Nov 28, 2016 at 7:25 AM, Wahyu Sudrajat (JIRA) <[email protected]> wrote:

> Wahyu Sudrajat created DRILL-5079:
> -------------------------------------
>
> Summary: PreparedStatement dynamic parameters to avoid SQL
> Injection test
> Key: DRILL-5079
> URL: https://issues.apache.org/jira/browse/DRILL-5079
> Project: Apache Drill
> Issue Type: Improvement
> Components: Client - JDBC
> Affects Versions: 1.8.0
> Reporter: Wahyu Sudrajat
> Priority: Critical
>
>
> Capability to use PreparedStatement with dynamic parameters to prevent SQL
> Injection.
>
> For example:
> select * from PEOPLE where FIRST_NAME = ? and LAST_NAME = ? limit 100
>
> As for now, Drill will return:
> Error Message:PreparedStatementCallback; uncategorized SQLException for
> SQL []; SQL state [null]; error code [0]; Failed to create prepared
> statement: PLAN ERROR: Cannot convert RexNode to equivalent Drill
> expression. RexNode Class: org.apache.calcite.rex.RexDynamicParam,
> RexNode Digest: ?0
>
>
>
> --
> This message was sent by Atlassian JIRA
> (v6.3.4#6332)
>

--
Veera Naranammalpuram
Product Specialist - SQL on Hadoop
MapR Technologies (www.mapr.com)
(Email) [email protected]
(Mobile) 917 683 8116 - can text
Timezone: ET (UTC -5:00 / -4:00)
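What the `?` placeholders requested in DRILL-5079 buy a client, shown as an added example that is not code from this thread or from Apache Drill. It runs the issue's query against Python's built-in `sqlite3` as a stand-in engine (an assumption, since Drill 1.8.0 rejects the placeholders with the error quoted above); the rows, inputs and function names are constructed for illustration.

```python
import sqlite3

QUERY = "select * from PEOPLE where FIRST_NAME = ? and LAST_NAME = ? limit 100"

def make_db():
    # Constructed sample rows; table and column names follow the issue's query.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE PEOPLE (FIRST_NAME TEXT, LAST_NAME TEXT)")
    conn.executemany("INSERT INTO PEOPLE VALUES (?, ?)", [
        ("Ada", "Lovelace"), ("Alan", "Turing"),
        ("Grace", "Hopper"), ("Conan", "O'Brien"),
    ])
    return conn

def find_concatenated(conn, first, last):
    # Fallback when placeholders are unavailable: input becomes SQL text.
    sql = ("select * from PEOPLE where FIRST_NAME = '" + first +
           "' and LAST_NAME = '" + last + "' limit 100")
    return conn.execute(sql).fetchall()

def find_parameterized(conn, first, last):
    # Statement text is fixed; values are bound separately and stay data.
    return conn.execute(QUERY, (first, last)).fetchall()

def demo():
    conn = make_db()
    quoted = "x' OR '1'='1"  # constructed input that contains quote characters
    out = {
        "normal_param": find_parameterized(conn, "Ada", "Lovelace"),
        # Concatenated: the WHERE clause is rewritten and every row matches.
        "quoted_concat": find_concatenated(conn, "Ada", quoted),
        # Bound: the same input is compared literally and matches nothing.
        "quoted_param": find_parameterized(conn, "Ada", quoted),
        # A legitimate surname with an apostrophe works when bound...
        "apostrophe_param": find_parameterized(conn, "Conan", "O'Brien"),
    }
    try:
        # ...but breaks the concatenated statement's syntax.
        out["apostrophe_concat"] = find_concatenated(conn, "Conan", "O'Brien")
    except sqlite3.OperationalError:
        out["apostrophe_concat"] = "error"
    return out

if __name__ == "__main__":
    for name, rows in demo().items():
        print(name, rows)
```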
