[jira] [Commented] (HIVE-16035) Investigate potential SQL injection vulnerability in Hive

Vihang Karajgaonkar (JIRA) Fri, 24 Feb 2017 13:41:09 -0800

    [ 
https://issues.apache.org/jira/browse/HIVE-16035?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15883568#comment-15883568
 ]


Vihang Karajgaonkar commented on HIVE-16035:
--------------------------------------------

Thanks [~thejas] I was not aware. I tried closing this but there is no "close" 
option. Resolved it as Invalid for now.

> Investigate potential SQL injection vulnerability in Hive
> ---------------------------------------------------------
>
>                 Key: HIVE-16035
>                 URL: https://issues.apache.org/jira/browse/HIVE-16035
>             Project: Hive
>          Issue Type: Bug
>          Components: Hive
>            Reporter: Vihang Karajgaonkar
>            Assignee: Vihang Karajgaonkar
>
> Some of the queries in ObjectStore and MetastoreDirectSql classes append 
> Strings variables directly to the query text. This JIRA is to investigate the 
> possible vulnerabilities and fix them using parameterized queries.



--
This message was sent by Atlassian JIRA
(v6.3.15#6346)

[jira] [Commented] (HIVE-16035) Investigate potential SQL injection vulnerability in Hive

Reply via email to