Posted to dev@qpid.apache.org by "Lorenz Quack (JIRA)" <ji...@apache.org> on 2016/12/16 16:19:58 UTC

[jira] [Comment Edited] (QPID-7558) [Java Broker] Allow Multiple JDBC Virtual Hosts / Message Stores to share the same database

    [ https://issues.apache.org/jira/browse/QPID-7558?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15754773#comment-15754773 ] 

Lorenz Quack edited comment on QPID-7558 at 12/16/16 4:19 PM:
--------------------------------------------------------------

I believe this introduces a SQL injection vulnerability. :(
I think I would be in favour of whitelisting allowed values for the prefix to something like [a-zA-Z_0-9]*


was (Author: lorenz.quack):
I believe this introduces a SQL injection vulnerability. :(
I think I would be in favour of whitelisting allowed values for the prefix to something like [a-zA-Z_0-9]

> [Java Broker] Allow Multiple JDBC Virtual Hosts / Message Stores to share the same database
> -------------------------------------------------------------------------------------------
>
>                 Key: QPID-7558
>                 URL: https://issues.apache.org/jira/browse/QPID-7558
>             Project: Qpid
>          Issue Type: Improvement
>          Components: Java Broker
>            Reporter: Rob Godfrey
>             Fix For: qpid-java-6.2
>
>
> As per the e-mail discussion on the users list [here|http://mail-archives.apache.org/mod_mbox/qpid-users/201611.mbox/%3CCACMpbT81LATE1d2M4L%2B%3D1uq_CDPnx8y56Md0w362xS54-yGVeg%40mail.gmail.com%3E]  it may sometimes be useful for the user to be able to configure a JDBC store to use a per-instance table name prefix to allow multiple instances to be run against the same database/schema.



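
An added example (not part of the original message and not Qpid's own code) of the allow-list check proposed in the comment, applied before a configured prefix is concatenated into a table name. The class, method and base table names are hypothetical, and the sample prefixes are constructed.

```java
import java.util.regex.Pattern;

public class TablePrefixCheck {
    // Allow-list from the comment: ASCII letters, digits and underscore only.
    // The trailing '*' also admits the empty prefix (no prefix configured).
    private static final Pattern ALLOWED_PREFIX = Pattern.compile("[a-zA-Z_0-9]*");

    /** Returns the prefix unchanged if the WHOLE string matches, otherwise throws. */
    static String validatePrefix(String prefix) {
        // matches() anchors the pattern to the entire input.
        if (prefix == null || !ALLOWED_PREFIX.matcher(prefix).matches()) {
            throw new IllegalArgumentException(
                    "Table name prefix may only contain [a-zA-Z_0-9]");
        }
        return prefix;
    }

    /** Pitfall: find() succeeds on an empty match, so this accepts every string. */
    static boolean weakCheckWithFind(String prefix) {
        return ALLOWED_PREFIX.matcher(prefix).find();
    }

    // Identifiers cannot be bound as JDBC '?' parameters, so the prefix ends up
    // in the statement text itself; it has to be validated before concatenation.
    static String selectAllFrom(String prefix, String baseTable) {
        return "SELECT * FROM " + validatePrefix(prefix) + baseTable;
    }

    public static void main(String[] args) {
        // Constructed sample prefixes; QUEUE_ENTRIES is a hypothetical base table name.
        String[] samples = {
            "", "broker1_", "vh2", "x; DROP TABLE y --", "a b", "tbl\"", "pr\u00e9fix"
        };
        for (String s : samples) {
            String verdict;
            try {
                verdict = "accepted -> " + selectAllFrom(s, "QUEUE_ENTRIES");
            } catch (IllegalArgumentException e) {
                verdict = "rejected";
            }
            System.out.println("[" + s + "] " + verdict
                    + " (find()-based check says: " + weakCheckWithFind(s) + ")");
        }
    }
}
```

The first three samples are accepted and the last four are rejected, while the `find()`-based check returns true for all seven.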