You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@kylin.apache.org by "Xiaqing Wang (JIRA)" <ji...@apache.org> on 2017/06/29 06:36:00 UTC

[jira] [Created] (KYLIN-2696) Check SQL injection in model filter condition

Xiaqing Wang created KYLIN-2696:
-----------------------------------

             Summary: Check SQL injection in model filter condition
                 Key: KYLIN-2696
                 URL: https://issues.apache.org/jira/browse/KYLIN-2696
             Project: Kylin
          Issue Type: Bug
            Reporter: Xiaqing Wang


We should check the model filter condition in case of someone make use of it to do SQL injection to Hive. 

Since it is a String embed into a WHERE clause, we simply forbid it to include ';' character, except it is within a pair of quotations. 



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)