Posted to dev@chukwa.apache.org by "Eric Yang (JIRA)" <ji...@apache.org> on 2009/04/08 22:52:13 UTC

[jira] Created: (CHUKWA-108) Use prepared statement to prevent sql injection attacks

Use prepared statement to prevent sql injection attacks
-------------------------------------------------------

                 Key: CHUKWA-108
                 URL: https://issues.apache.org/jira/browse/CHUKWA-108
             Project: Hadoop Chukwa
          Issue Type: Improvement
          Components: Data Processors
            Reporter: Eric Yang


To prevent SQL injection attacks, you should use prepared statements. There are many places where the SQL query is executed, and in at least a couple of places the input parameter from the user is used in the query (metric in web/hicc/jsp/single-series-chart-javascript.jsp), though in many places the parameters in the select statement do not seem to come from the user input.

Please use prepared statements consistently to prevent SQL injection attacks.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
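
An illustration of the change requested above, as an added example that is not part of the original message or of CHUKWA-108.patch. The class, table, column and method names are hypothetical, and this thread does not show how `metric` is used inside the JSP, so the example covers both cases: a user-supplied value (bound with `?`) and a user-chosen column name (checked against an allow-list, because identifiers cannot be bound).

```java
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Timestamp;
import java.util.ArrayList;
import java.util.List;
import java.util.Set;

public class MetricQuery {
    // Hypothetical allow-list: a '?' placeholder can only carry a value,
    // so a user-chosen column name is matched against known names instead.
    private static final Set<String> METRIC_COLUMNS =
        Set.of("cpu_user_pcnt", "mem_used_pcnt", "load_1");

    // "Before": request parameters become part of the SQL text itself.
    static String unsafeSql(String metric, String host) {
        return "SELECT ts, " + metric + " FROM system_metrics"
             + " WHERE host = '" + host + "'";
    }

    // "After": the SQL text is fixed apart from an allow-listed identifier,
    // and every value is sent to the driver as a bound parameter.
    static List<Double> query(Connection conn, String metric, String host,
                              Timestamp start, Timestamp end) throws SQLException {
        if (!METRIC_COLUMNS.contains(metric)) {
            throw new IllegalArgumentException("unknown metric");
        }
        String sql = "SELECT " + metric + " FROM system_metrics"
                   + " WHERE host = ? AND ts BETWEEN ? AND ? ORDER BY ts";
        List<Double> values = new ArrayList<>();
        try (PreparedStatement ps = conn.prepareStatement(sql)) {
            ps.setString(1, host);       // value, never parsed as SQL
            ps.setTimestamp(2, start);
            ps.setTimestamp(3, end);
            try (ResultSet rs = ps.executeQuery()) {
                while (rs.next()) {
                    values.add(rs.getDouble(1));
                }
            }
        }
        return values;
    }
}
```

A caller would pass the raw request parameters straight to `query`; the allow-list check runs before any SQL text is assembled, so an unexpected `metric` never reaches the database.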


[jira] Updated: (CHUKWA-108) Use prepared statement to prevent sql injection attacks

Posted by "Eric Yang (JIRA)" <ji...@apache.org>.
     [ https://issues.apache.org/jira/browse/CHUKWA-108?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Eric Yang updated CHUKWA-108:
-----------------------------

    Attachment: CHUKWA-108.patch

This patch contains a generic prepared statement interface to SQL.  The front-end user interface is also converted to use prepared statements for SQL queries.




[jira] Commented: (CHUKWA-108) Use prepared statement to prevent sql injection attacks

Posted by "Mac Yang (JIRA)" <ji...@apache.org>.
    [ https://issues.apache.org/jira/browse/CHUKWA-108?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12708684#action_12708684 ] 

Mac Yang commented on CHUKWA-108:
---------------------------------

This is for trunk.



[jira] Commented: (CHUKWA-108) Use prepared statement to prevent sql injection attacks

Posted by "Terence Kwan (JIRA)" <ji...@apache.org>.
    [ https://issues.apache.org/jira/browse/CHUKWA-108?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12708645#action_12708645 ] 

Terence Kwan commented on CHUKWA-108:
-------------------------------------

It builds and looks good, +1.



[jira] Updated: (CHUKWA-108) Use prepared statement to prevent sql injection attacks

Posted by "Eric Yang (JIRA)" <ji...@apache.org>.
     [ https://issues.apache.org/jira/browse/CHUKWA-108?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Eric Yang updated CHUKWA-108:
-----------------------------

    Affects Version/s: 0.2.0
               Status: Patch Available  (was: Open)



[jira] Commented: (CHUKWA-108) Use prepared statement to prevent sql injection attacks

Posted by "Ari Rabkin (JIRA)" <ji...@apache.org>.
    [ https://issues.apache.org/jira/browse/CHUKWA-108?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12708675#action_12708675 ] 

Ari Rabkin commented on CHUKWA-108:
-----------------------------------

Is this for trunk or for 0.1.2?



[jira] Commented: (CHUKWA-108) Use prepared statement to prevent sql injection attacks

Posted by "Hudson (JIRA)" <ji...@apache.org>.
    [ https://issues.apache.org/jira/browse/CHUKWA-108?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12716957#action_12716957 ] 

Hudson commented on CHUKWA-108:
-------------------------------

Integrated in Chukwa-trunk #45 (See [http://hudson.zones.apache.org/hudson/job/Chukwa-trunk/45/])
    



[jira] Commented: (CHUKWA-108) Use prepared statement to prevent sql injection attacks

Posted by "Hudson (JIRA)" <ji...@apache.org>.
    [ https://issues.apache.org/jira/browse/CHUKWA-108?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12709175#action_12709175 ] 

Hudson commented on CHUKWA-108:
-------------------------------

Integrated in Chukwa-trunk #24 (See [http://hudson.zones.apache.org/hudson/job/Chukwa-trunk/24/])
    .  Changed frontend SQL queries to use prepare statement. (Eric Yang)




[jira] Assigned: (CHUKWA-108) Use prepared statement to prevent sql injection attacks

Posted by "Eric Yang (JIRA)" <ji...@apache.org>.
     [ https://issues.apache.org/jira/browse/CHUKWA-108?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Eric Yang reassigned CHUKWA-108:
--------------------------------

    Assignee: Eric Yang



[jira] Updated: (CHUKWA-108) Use prepared statement to prevent sql injection attacks

Posted by "Eric Yang (JIRA)" <ji...@apache.org>.
     [ https://issues.apache.org/jira/browse/CHUKWA-108?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Eric Yang updated CHUKWA-108:
-----------------------------

    Resolution: Fixed
        Status: Resolved  (was: Patch Available)

I just committed this, thanks Terence.
