[jira] [Created] (KYLIN-2696) Check SQL injection in model filter condition

Xiaqing Wang (JIRA) Wed, 28 Jun 2017 23:36:13 -0700

Xiaqing Wang created KYLIN-2696:
-----------------------------------

             Summary: Check SQL injection in model filter condition
                 Key: KYLIN-2696
                 URL: https://issues.apache.org/jira/browse/KYLIN-2696
             Project: Kylin
          Issue Type: Bug
            Reporter: Xiaqing Wang



We should check the model filter condition in case of someone make use of it to 
do SQL injection to Hive. 

Since it is a String embed into a WHERE clause, we simply forbid it to include 
';' character, except it is within a pair of quotations. 



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

[jira] [Created] (KYLIN-2696) Check SQL injection in model filter condition

Reply via email to