[jira] [Comment Edited] (FINERACT-1058) Add support for "limit" and "order by" query in SQLBuilder

Manthan Surkar (Jira) Wed, 01 Jul 2020 04:55:00 -0700


    [ 
https://issues.apache.org/jira/browse/FINERACT-1058?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17149358#comment-17149358
 ]


Manthan Surkar edited comment on FINERACT-1058 at 7/1/20, 11:53 AM:
--------------------------------------------------------------------

[~vorburger] I have noticed a problem, our final aim here is to remove all use 
of validateSQLinput function (right?), in that case, we cannot use the function 
  *this.columnValidator.validateSqlInjection(sqlBuilder.toString(), 
parameters.orderBySql());*  Since this function then calls validateSQLinput, 
(which is the current implementation) also this happens in audit trails (Which 
we initially fixed and I am taking it as a base to work for other sections).

Should I be focused on removing validateSqlInjection function ( which calls 
validateSQLinput)?(which then would mean changes in about 25-30 files, 
converting all order by and limit as called by the new approach? or just clean 
up the use of extra criteria with prepared statements (which was done with 
audit trails?)





was (Author: manthan):
[~vorburger] I have noticed a problem, our final aim here is to remove all use 
of validateSQLinput function (right?), in that case, we cannot use the function 
  *this.columnValidator.validateSqlInjection(sqlBuilder.toString(), 
parameters.orderBySql()); * Since this function then calls validateSQLinput, 
(which is the current implementation) also this happens in audit trails (Which 
we initially fixed and I am taking it as a base to work for other sections).

Should I be focused on removing validateSqlInjection function ( which calls 
validateSQLinput)?(which then would mean changes in about 25-30 files, 
converting all order by and limit as called by the new approach? or just clean 
up the use of extra criteria with prepared statements (which was done with 
audit trails?)




> Add support for "limit" and "order by" query in SQLBuilder 
> -----------------------------------------------------------
>
>                 Key: FINERACT-1058
>                 URL: https://issues.apache.org/jira/browse/FINERACT-1058
>             Project: Apache Fineract
>          Issue Type: Improvement
>            Reporter: Manthan Surkar
>            Assignee: Manthan Surkar
>            Priority: Major
>             Fix For: 1.4.0
>
>         Attachments: screenshot-1.png
>
>
> This is in continuation of the work done by [~vorburger] in 
> https://github.com/apache/fineract/pull/725 
> The SQL builder currently does not support limit and order by operation. We 
> can either keep the operations independent of SQLbuilder (which is certainly 
> not recommended imo) or add it as a part of it.
> WDYT [~vorburger] [~awasum]



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

[jira] [Comment Edited] (FINERACT-1058) Add support for "limit" and "order by" query in SQLBuilder

Reply via email to