[jira] [Updated] (HIVE-20551) Create PreparedStatement query dynamically when IN clause is used
[ https://issues.apache.org/jira/browse/HIVE-20551?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Laszlo Pinter updated HIVE-20551:
---------------------------------
    Status: Open (was: Patch Available)

> Create PreparedStatement query dynamically when IN clause is used
> -----------------------------------------------------------------
>
>                 Key: HIVE-20551
>                 URL: https://issues.apache.org/jira/browse/HIVE-20551
>             Project: Hive
>          Issue Type: Bug
>          Components: Hive
>            Reporter: Laszlo Pinter
>            Assignee: Laszlo Pinter
>            Priority: Major
>         Attachments: HIVE-20551.01.patch, HIVE-20551.02.patch,
> HIVE-20551.03.patch, HIVE-20551.04.patch, HIVE-20551.05.patch,
> HIVE-20551.06.patch, HIVE-20551.07.patch
>
>
> In the MetaStoreDirectSql class when IN clause is used, the query statement
> is created via string concatenation.
> Since JDBC API allows only one literal for one “?” parameter,
> PreparedStatement doesn’t work for IN clause queries. To create the
> PreparedStatement query dynamically based on the size of the elements in IN
> clause, the makeParams() should be used instead of concatenation.

--
This message was sent by Atlassian JIRA (v7.6.3#76005)

[jira] [Updated] (HIVE-20551) Create PreparedStatement query dynamically when IN clause is used
[ https://issues.apache.org/jira/browse/HIVE-20551?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Laszlo Pinter updated HIVE-20551:
---------------------------------
    Attachment: HIVE-20551.07.patch

> Create PreparedStatement query dynamically when IN clause is used
> -----------------------------------------------------------------
>
>                 Key: HIVE-20551
>                 URL: https://issues.apache.org/jira/browse/HIVE-20551
>             Project: Hive
>          Issue Type: Bug
>          Components: Hive
>            Reporter: Laszlo Pinter
>            Assignee: Laszlo Pinter
>            Priority: Major
>         Attachments: HIVE-20551.01.patch, HIVE-20551.02.patch,
> HIVE-20551.03.patch, HIVE-20551.04.patch, HIVE-20551.05.patch,
> HIVE-20551.06.patch, HIVE-20551.07.patch
>
>
> In the MetaStoreDirectSql class when IN clause is used, the query statement
> is created via string concatenation.
> Since JDBC API allows only one literal for one “?” parameter,
> PreparedStatement doesn’t work for IN clause queries. To create the
> PreparedStatement query dynamically based on the size of the elements in IN
> clause, the makeParams() should be used instead of concatenation.

[jira] [Updated] (HIVE-20551) Create PreparedStatement query dynamically when IN clause is used
[ https://issues.apache.org/jira/browse/HIVE-20551?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Laszlo Pinter updated HIVE-20551:
---------------------------------
    Attachment: HIVE-20551.06.patch

> Create PreparedStatement query dynamically when IN clause is used
> -----------------------------------------------------------------
>
>                 Key: HIVE-20551
>                 URL: https://issues.apache.org/jira/browse/HIVE-20551
>             Project: Hive
>          Issue Type: Bug
>          Components: Hive
>            Reporter: Laszlo Pinter
>            Assignee: Laszlo Pinter
>            Priority: Major
>         Attachments: HIVE-20551.01.patch, HIVE-20551.02.patch,
> HIVE-20551.03.patch, HIVE-20551.04.patch, HIVE-20551.05.patch,
> HIVE-20551.06.patch
>
>
> In the MetaStoreDirectSql class when IN clause is used, the query statement
> is created via string concatenation.
> Since JDBC API allows only one literal for one “?” parameter,
> PreparedStatement doesn’t work for IN clause queries. To create the
> PreparedStatement query dynamically based on the size of the elements in IN
> clause, the makeParams() should be used instead of concatenation.

[jira] [Updated] (HIVE-20551) Create PreparedStatement query dynamically when IN clause is used
[ https://issues.apache.org/jira/browse/HIVE-20551?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Laszlo Pinter updated HIVE-20551:
---------------------------------
    Attachment: HIVE-20551.05.patch

> Create PreparedStatement query dynamically when IN clause is used
> -----------------------------------------------------------------
>
>                 Key: HIVE-20551
>                 URL: https://issues.apache.org/jira/browse/HIVE-20551
>             Project: Hive
>          Issue Type: Bug
>          Components: Hive
>            Reporter: Laszlo Pinter
>            Assignee: Laszlo Pinter
>            Priority: Major
>         Attachments: HIVE-20551.01.patch, HIVE-20551.02.patch,
> HIVE-20551.03.patch, HIVE-20551.04.patch, HIVE-20551.05.patch
>
>
> In the MetaStoreDirectSql class when IN clause is used, the query statement
> is created via string concatenation.
> Since JDBC API allows only one literal for one “?” parameter,
> PreparedStatement doesn’t work for IN clause queries. To create the
> PreparedStatement query dynamically based on the size of the elements in IN
> clause, the makeParams() should be used instead of concatenation.

[jira] [Updated] (HIVE-20551) Create PreparedStatement query dynamically when IN clause is used
[ https://issues.apache.org/jira/browse/HIVE-20551?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Laszlo Pinter updated HIVE-20551:
---------------------------------
    Attachment: HIVE-20551.04.patch

> Create PreparedStatement query dynamically when IN clause is used
> -----------------------------------------------------------------
>
>                 Key: HIVE-20551
>                 URL: https://issues.apache.org/jira/browse/HIVE-20551
>             Project: Hive
>          Issue Type: Bug
>          Components: Hive
>            Reporter: Laszlo Pinter
>            Assignee: Laszlo Pinter
>            Priority: Major
>         Attachments: HIVE-20551.01.patch, HIVE-20551.02.patch,
> HIVE-20551.03.patch, HIVE-20551.04.patch
>
>
> In the MetaStoreDirectSql class when IN clause is used, the query statement
> is created via string concatenation.
> Since JDBC API allows only one literal for one “?” parameter,
> PreparedStatement doesn’t work for IN clause queries. To create the
> PreparedStatement query dynamically based on the size of the elements in IN
> clause, the makeParams() should be used instead of concatenation.

[jira] [Updated] (HIVE-20551) Create PreparedStatement query dynamically when IN clause is used
[ https://issues.apache.org/jira/browse/HIVE-20551?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Laszlo Pinter updated HIVE-20551:
---------------------------------
    Component/s: Hive

> Create PreparedStatement query dynamically when IN clause is used
> -----------------------------------------------------------------
>
>                 Key: HIVE-20551
>                 URL: https://issues.apache.org/jira/browse/HIVE-20551
>             Project: Hive
>          Issue Type: Bug
>          Components: Hive
>            Reporter: Laszlo Pinter
>            Assignee: Laszlo Pinter
>            Priority: Major
>         Attachments: HIVE-20551.01.patch, HIVE-20551.02.patch,
> HIVE-20551.03.patch
>
>
> In the MetaStoreDirectSql class when IN clause is used, the query statement
> is created via string concatenation.
> Since JDBC API allows only one literal for one “?” parameter,
> PreparedStatement doesn’t work for IN clause queries. To create the
> PreparedStatement query dynamically based on the size of the elements in IN
> clause, the makeParams() should be used instead of concatenation.

[jira] [Updated] (HIVE-20551) Create PreparedStatement query dynamically when IN clause is used
[ https://issues.apache.org/jira/browse/HIVE-20551?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Laszlo Pinter updated HIVE-20551:
---------------------------------
    Attachment: HIVE-20551.03.patch

> Create PreparedStatement query dynamically when IN clause is used
> -----------------------------------------------------------------
>
>                 Key: HIVE-20551
>                 URL: https://issues.apache.org/jira/browse/HIVE-20551
>             Project: Hive
>          Issue Type: Bug
>            Reporter: Laszlo Pinter
>            Assignee: Laszlo Pinter
>            Priority: Major
>         Attachments: HIVE-20551.01.patch, HIVE-20551.02.patch,
> HIVE-20551.03.patch
>
>
> In the MetaStoreDirectSql class when IN clause is used, the query statement
> is created via string concatenation.
> Since JDBC API allows only one literal for one “?” parameter,
> PreparedStatement doesn’t work for IN clause queries. To create the
> PreparedStatement query dynamically based on the size of the elements in IN
> clause, the makeParams() should be used instead of concatenation.

[jira] [Updated] (HIVE-20551) Create PreparedStatement query dynamically when IN clause is used
[ https://issues.apache.org/jira/browse/HIVE-20551?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Laszlo Pinter updated HIVE-20551:
---------------------------------
    Attachment: HIVE-20551.02.patch

> Create PreparedStatement query dynamically when IN clause is used
> -----------------------------------------------------------------
>
>                 Key: HIVE-20551
>                 URL: https://issues.apache.org/jira/browse/HIVE-20551
>             Project: Hive
>          Issue Type: Bug
>            Reporter: Laszlo Pinter
>            Assignee: Laszlo Pinter
>            Priority: Major
>         Attachments: HIVE-20551.01.patch, HIVE-20551.02.patch
>
>
> In the MetaStoreDirectSql class when IN clause is used, the query statement
> is created via string concatenation.
> Since JDBC API allows only one literal for one “?” parameter,
> PreparedStatement doesn’t work for IN clause queries. To create the
> PreparedStatement query dynamically based on the size of the elements in IN
> clause, the makeParams() should be used instead of concatenation.

[jira] [Updated] (HIVE-20551) Create PreparedStatement query dynamically when IN clause is used
[ https://issues.apache.org/jira/browse/HIVE-20551?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Laszlo Pinter updated HIVE-20551:
---------------------------------
    Status: Patch Available (was: Open)

> Create PreparedStatement query dynamically when IN clause is used
> -----------------------------------------------------------------
>
>                 Key: HIVE-20551
>                 URL: https://issues.apache.org/jira/browse/HIVE-20551
>             Project: Hive
>          Issue Type: Bug
>            Reporter: Laszlo Pinter
>            Assignee: Laszlo Pinter
>            Priority: Major
>         Attachments: HIVE-20551.01.patch
>
>
> In the MetaStoreDirectSql class when IN clause is used, the query statement
> is created via string concatenation.
> Since JDBC API allows only one literal for one “?” parameter,
> PreparedStatement doesn’t work for IN clause queries. To create the
> PreparedStatement query dynamically based on the size of the elements in IN
> clause, the makeParams() should be used instead of concatenation.

[jira] [Updated] (HIVE-20551) Create PreparedStatement query dynamically when IN clause is used
[ https://issues.apache.org/jira/browse/HIVE-20551?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Laszlo Pinter updated HIVE-20551:
---------------------------------
    Attachment: HIVE-20551.01.patch

> Create PreparedStatement query dynamically when IN clause is used
> -----------------------------------------------------------------
>
>                 Key: HIVE-20551
>                 URL: https://issues.apache.org/jira/browse/HIVE-20551
>             Project: Hive
>          Issue Type: Bug
>            Reporter: Laszlo Pinter
>            Assignee: Laszlo Pinter
>            Priority: Major
>         Attachments: HIVE-20551.01.patch
>
>
> In the MetaStoreDirectSql class when IN clause is used, the query statement
> is created via string concatenation.
> Since JDBC API allows only one literal for one “?” parameter,
> PreparedStatement doesn’t work for IN clause queries. To create the
> PreparedStatement query dynamically based on the size of the elements in IN
> clause, the makeParams() should be used instead of concatenation.

[jira] [Updated] (HIVE-20551) Create PreparedStatement query dynamically when IN clause is used
[ https://issues.apache.org/jira/browse/HIVE-20551?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Laszlo Pinter updated HIVE-20551:
---------------------------------
    Description:
In the MetaStoreDirectSql class when IN clause is used, the query statement is created via string concatenation.
Since JDBC API allows only one literal for one “?” parameter, PreparedStatement doesn’t work for IN clause queries. To create the PreparedStatement query dynamically based on the size of the elements in IN clause, the makeParams() should be used instead of concatenation.

  was:
In the MetaStoreDirectSql class when IN clause is used, the query statement is created via string concatenation, meaning that an attacker could change the statement meaning or insert arbitrary SQL commands.
Since JDBC API allows only one literal for one “?” parameter, PreparedStatement doesn’t work for IN clause queries. To create the PreparedStatement query dynamically based on the size of the elements in IN clause, the makeParams() should be used instead of concatenation.

> Create PreparedStatement query dynamically when IN clause is used
> -----------------------------------------------------------------
>
>                 Key: HIVE-20551
>                 URL: https://issues.apache.org/jira/browse/HIVE-20551
>             Project: Hive
>          Issue Type: Bug
>            Reporter: Laszlo Pinter
>            Assignee: Laszlo Pinter
>            Priority: Major
>
> In the MetaStoreDirectSql class when IN clause is used, the query statement
> is created via string concatenation.
> Since JDBC API allows only one literal for one “?” parameter,
> PreparedStatement doesn’t work for IN clause queries. To create the
> PreparedStatement query dynamically based on the size of the elements in IN
> clause, the makeParams() should be used instead of concatenation.
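
The approach this issue describes, as an added example that is not part of the original messages or of Hive's code: the concatenated form next to a statement whose "?" markers are generated from the size of the IN list. The table and column names, the sample values and the placeholders() helper are assumptions made for illustration; placeholders() stands in for the role the issue gives to makeParams(), whose implementation is not shown on this page.

```java
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;

public class InClauseDemo {
    // Hypothetical table and column, constructed for this example.
    static final String BASE = "SELECT PART_ID FROM DEMO_PARTS WHERE PART_NAME IN (";

    // "Before": every value becomes part of the SQL text itself.
    static String concatenated(List<String> names) {
        return BASE + "'" + String.join("','", names) + "')";
    }

    // Hypothetical helper: n comma-separated "?" markers, one per IN element.
    static String placeholders(int n) {
        if (n < 1) throw new IllegalArgumentException("IN list must not be empty");
        return String.join(",", Collections.nCopies(n, "?"));
    }

    // "After": the SQL text depends only on how many values there are.
    static String parameterized(List<String> names) {
        return BASE + placeholders(names.size()) + ")";
    }

    // Bind each value to its own marker; it is sent as data, not parsed as SQL.
    static List<Long> lookup(Connection conn, List<String> names) throws SQLException {
        List<Long> ids = new ArrayList<>();
        try (PreparedStatement ps = conn.prepareStatement(parameterized(names))) {
            for (int i = 0; i < names.size(); i++) {
                ps.setString(i + 1, names.get(i)); // JDBC parameter indexes start at 1
            }
            try (ResultSet rs = ps.executeQuery()) {
                while (rs.next()) ids.add(rs.getLong(1));
            }
        }
        return ids;
    }

    public static void main(String[] args) {
        // Constructed input: the second element contains quotes and a comma,
        // so concatenation turns two values into three SQL literals.
        List<String> names = List.of("ds=2018-09-01", "a','b");
        System.out.println(concatenated(names));   // structure changed by the data
        System.out.println(parameterized(names));  // structure fixed by the list size
    }
}
```

Databases commonly limit the number of bind markers or IN-list elements per statement, so long lists have to be split into batches before binding.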