[ https://issues.apache.org/jira/browse/KYLIN-2696?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16073816#comment-16073816 ]
Billy Liu commented on KYLIN-2696:
----------------------------------

Hi [~Auphyroc99], what's your commit id? When you set the issue to resolved, please update the patch or commit id, thanks.

> Check SQL injection in model filter condition
> ---------------------------------------------
>
> Key: KYLIN-2696
> URL: https://issues.apache.org/jira/browse/KYLIN-2696
> Project: Kylin
> Issue Type: Bug
> Reporter: Xiaqing Wang
> Assignee: Xiaqing Wang
>
> We should check the model filter condition in case someone makes use of it
> to do SQL injection to Hive.
> Since it is a String embedded into a WHERE clause, we simply forbid it to
> include the ';' character, except when it is within a pair of quotations.

--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
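
The check described in the issue, sketched as an added example (not Kylin's code and not the patch the comment asks about): it scans the filter once and rejects any ';' outside a quoted run. The class and method names are hypothetical; treating backticks as quotes, honouring backslash escapes, and rejecting an unterminated quote are assumptions beyond the issue text.

```java
// Added example, not Kylin's code: class and method names are hypothetical.
public class FilterConditionCheck {

    /**
     * Returns true when the filter may be embedded in a WHERE clause under the
     * rule from the issue: no ';' unless it sits inside a quoted literal.
     * Assumptions beyond the issue text: ', " and ` all open a quoted run,
     * backslash escapes the next character inside a run, and an unterminated
     * quote is rejected (fail closed).
     */
    public static boolean isSafeFilter(String filter) {
        if (filter == null || filter.isEmpty()) {
            return true; // no filter, nothing to embed
        }
        char open = 0; // 0 = outside quotes, otherwise the opening quote char
        for (int i = 0; i < filter.length(); i++) {
            char c = filter.charAt(i);
            if (open != 0) {
                if (c == '\\') {
                    i++; // skip the escaped character, e.g. \' inside '...'
                } else if (c == open) {
                    open = 0; // closing quote; a doubled '' simply reopens
                }
            } else if (c == '\'' || c == '"' || c == '`') {
                open = c;
            } else if (c == ';') {
                return false; // statement separator outside any literal
            }
        }
        return open == 0; // unbalanced quote: cannot tell what is quoted
    }

    public static void main(String[] args) {
        // Constructed sample filters, not taken from the issue.
        String[] samples = {
            "dt >= '2017-01-01' AND region = 'EU'", // no ';' at all
            "note = 'a;b'",                          // ';' inside a literal
            "note = 'it\\'s; fine'",                 // ';' after an escaped quote
            "dt >= '2017-01-01'; SELECT 1",          // bare ';' outside quotes
            "note = 'unterminated; x"                // quote never closed
        };
        for (String s : samples) {
            System.out.println((isSafeFilter(s) ? "accept  " : "reject  ") + s);
        }
    }
}
```

The rule only blocks statement stacking; an accepted filter is still evaluated by Hive as an arbitrary boolean expression inside the WHERE clause.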