Buongiorno (?) Giorgio!

On Sun, May 10, 2020 at 11:38 AM Giorgio Zoppi <[email protected]> wrote:

> Hello Michael,
> please assign to me (forgot my jira pass) I have some spare time to mount
> OWASP and direct against your host.
>

BTW I've just granted you the required JIRA permission so that you can assign issues to yourself in the future.

Cool! We're excited to see you explore https://issues.apache.org/jira/browse/FINERACT-969.

If anyone else reading along here is into this sort of stuff, we also welcome eyes helping to comb through, and raise PRs to address, what https://jira.apache.org/jira/browse/FINERACT-967 identifies. I expect some of it will naturally overlap with what Giorgio finds in FINERACT-969 - that's fine.

PS if you forgot your JIRA password, you should be able to easily reset it yourself via email.

> As for the Parameters Query, the problem is the implementation itself. It
> will make sense to discuss a thin layer for query separation. In the .NET
> world we have Dapper. https://github.com/StackExchange/Dapper used in
> StackOverflow. I don't know if there is similar stuff in Java.
>

I'm not 100% sure what you mean, but I believe you may be making the point that the use of an ORM (Object Relational Mapping) framework can help prevent SQL Injection. I agree with this! FYI Fineract already uses one ( https://openjpa.apache.org, but note https://issues.apache.org/jira/browse/FINERACT-849 for potentially possibly maybe switching). Fineract only uses ORM for write. Much read is still direct SQL.

FYI we have a GSoC student who is going to work on https://issues.apache.org/jira/browse/FINERACT-854 and https://issues.apache.org/jira/browse/FINERACT-853. I would expect that certain of the issues your work on FINERACT-969 will uncover will be fixed by FINERACT-854. If I were you, I would not wait for that work to complete, but instead go ahead, create JIRA bugs for everything you identify (best as sub-tasks under FINERACT-962, perhaps?) - and then later help us verify that the FINERACT-854 work actually fixed (some.. and which) of what you'll find.

Makes sense?

> I see the real meat is still old fineract, instead the fineract-cn is
> still work in progress. So I will install the old one.
>

Contributions to both are obviously always very welcome... :_)

> Best Regards,
> Giorgio.
>

Best,
M.
_______________________
Michael Vorburger
http://www.vorburger.ch
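As an added example (not Fineract's code, nor Dapper's) of the thin query-separation layer Giorgio describes: a minimal named-parameter binder over JDBC PreparedStatement, with the string-concatenated read query beside its parameterized form. The NamedQuery class, the table and column names, and the externalId parameter are made up for illustration.

```java
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.SQLException;
import java.util.ArrayList;
import java.util.List;
import java.util.Map;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

public final class NamedQuery {
    // Matches :name placeholders. Caveat: also fires inside quoted literals and on
    // a PostgreSQL "::type" cast; a production layer must tokenize the SQL instead.
    private static final Pattern PARAM = Pattern.compile(":([A-Za-z_][A-Za-z0-9_]*)");
    private final String jdbcSql;      // same SQL with '?' placeholders
    private final List<String> names;  // placeholder names in positional order

    public NamedQuery(String namedSql) {
        List<String> found = new ArrayList<>();
        StringBuffer sb = new StringBuffer();
        Matcher m = PARAM.matcher(namedSql);
        while (m.find()) {
            found.add(m.group(1));
            m.appendReplacement(sb, "?");
        }
        m.appendTail(sb);
        this.jdbcSql = sb.toString();
        this.names = List.copyOf(found);
    }

    // Every value goes through setObject, so user input is data, never SQL text.
    public PreparedStatement prepare(Connection conn, Map<String, ?> args) throws SQLException {
        PreparedStatement ps = conn.prepareStatement(jdbcSql);
        for (int i = 0; i < names.size(); i++) {
            String name = names.get(i);
            if (!args.containsKey(name)) { ps.close(); throw new IllegalArgumentException("missing parameter: " + name); }
            ps.setObject(i + 1, args.get(name)); // JDBC parameter indexes are 1-based
        }
        return ps;
    }

    // The direct-SQL read pattern the thread warns about, beside its parameterized form.
    // Table and column names are made up for this example.
    static String unsafeLookup(String externalId) {
        return "SELECT id FROM client WHERE external_id = '" + externalId + "'";
    }
    static PreparedStatement safeLookup(Connection conn, String externalId) throws SQLException {
        return new NamedQuery("SELECT id FROM client WHERE external_id = :externalId")
                .prepare(conn, Map.of("externalId", externalId));
    }
}
```

An input such as `' OR '1'='1` changes the SQL in unsafeLookup but is bound as a plain string value in safeLookup, which is the distinction an ORM or a Dapper-style layer enforces for you.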
