You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@madlib.apache.org by GitBox <gi...@apache.org> on 2019/10/21 18:30:36 UTC

[GitHub] [madlib] orhankislal commented on issue #452: DL: Remove quote_ident to allow tables on schemas

orhankislal commented on issue #452: DL: Remove quote_ident to allow tables on schemas
URL: https://github.com/apache/madlib/pull/452#issuecomment-544646689
 
 
   I have added a test with a special character in table name. 
   I am not sure if we actually have a sql injection risk in this case. The very first case these user-defined strings get used in a sql query is in the table exists function. There, we put the string in quotes before checking against pg_namespace. Since it is treated as a string, not a sql command, I think the check will fail before we execute anything else.

----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
users@infra.apache.org


With regards,
Apache Git Services