[ https://issues.apache.org/jira/browse/DRILL-5079?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15927668#comment-15927668 ]
Tobias commented on DRILL-5079:
-------------------------------
We would also like this for the above reason and additionally we would like
that the plan for the statement or at least parts of the physical plan could be
cached, as it is a significant part of the query plan for short-running queries.
> PreparedStatement dynamic parameters to avoid SQL Injection test
> ----------------------------------------------------------------
>
> Key: DRILL-5079
> URL: https://issues.apache.org/jira/browse/DRILL-5079
> Project: Apache Drill
> Issue Type: Improvement
> Components: Client - JDBC
> Affects Versions: 1.8.0
> Reporter: Wahyu Sudrajat
> Priority: Critical
> Labels: security
>
> Capability to use PreparedStatement with dynamic parameters to prevent SQL
> Injection.
> For example:
> select * from PEOPLE where FIRST_NAME = ? and LAST_NAME = ? limit 100
> As for now, Drill will return:
> Error Message:PreparedStatementCallback; uncategorized SQLException for SQL
> []; SQL state [null]; error code [0]; Failed to create prepared statement:
> PLAN ERROR: Cannot convert RexNode to equivalent Drill expression. RexNode
> Class: org.apache.calcite.rex.RexDynamicParam, RexNode Digest: ?0
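The difference the issue is asking for, as an added example that is not part of the original ticket or of Drill's code: the ticket's query run once with concatenated input and once with values bound to the `?` markers. Python's `sqlite3` stands in for the engine as an assumption (the ticket shows Drill 1.8.0 rejecting `?`), and the table rows and function names are constructed for illustration.

```python
import sqlite3

# Constructed sample rows; SQLite is a stand-in engine (assumption, not Drill).
ROWS = [("Alice", "Smith"), ("Bob", "Jones"),
        ("Carol", "Smith"), ("Conan", "O'Brien")]

# The statement from the ticket, with two dynamic parameters.
QUERY = "select * from PEOPLE where FIRST_NAME = ? and LAST_NAME = ? limit 100"


def make_db():
    """Build an in-memory PEOPLE table holding the constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("create table PEOPLE (FIRST_NAME text, LAST_NAME text)")
    conn.executemany("insert into PEOPLE values (?, ?)", ROWS)
    return conn


def find_concatenated(conn, first, last):
    """Vulnerable form: caller input becomes part of the SQL text itself."""
    sql = ("select * from PEOPLE where FIRST_NAME = '" + first +
           "' and LAST_NAME = '" + last + "' limit 100")
    return conn.execute(sql).fetchall()


def find_bound(conn, first, last):
    """Hardened form: values are bound to the ? markers and never parsed as SQL."""
    return conn.execute(QUERY, (first, last)).fetchall()


if __name__ == "__main__":
    conn = make_db()
    hostile = "x' or '1'='1"  # constructed input that alters the WHERE clause
    print("concatenated:", find_concatenated(conn, "Alice", hostile))
    print("bound:       ", find_bound(conn, "Alice", hostile))
    # A legitimate surname containing a quote: fine when bound,
    # a syntax error when concatenated.
    print("bound:       ", find_bound(conn, "Conan", "O'Brien"))
    try:
        find_concatenated(conn, "Conan", "O'Brien")
    except sqlite3.OperationalError as exc:
        print("concatenated:", exc)
```

With concatenation the constructed input returns every row in the table, while the bound form compares it as a literal surname and returns nothing.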