Details

    • Type: Improvement
    • Status: Closed
    • Priority: Minor
    • Resolution: Fixed
    • Affects Version/s: 2.0
    • Fix Version/s: 2.0
    • Component/s: Service - JDBC
    • Labels:
      None

      Description

      Data taken from user input operations, CREATE, READ, UPDATE, DELETE, SEARCH, etc. should be checked for valid characters. The input should be "cleaned" before it is used within a SQL statement. This is needed to reduce the risk of SQL injection attacks.

        Activity

        Scott Fehrman added a comment -

        Checked in changes to JdbcOperations and QueryConverter.

        Scott Fehrman added a comment -

        Change has been checked in.

        Scott Fehrman added a comment -

        Added the ":" (colon) and "/" (slash) characters. These are being used by the JDBC image upload ... the mimeType attribute contains a "slash" (image/jpeg) and the timestamp attribute contains a "colon" (09:05:23).

        Terry Sigle added a comment -

        Tested and verified complete.
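
An allowlist check of the kind this issue describes, as an added example that is not the project's JdbcOperations or QueryConverter code. The class name, the table and column names, and every allowed character other than ":" and "/" are assumptions; the values are also bound through a PreparedStatement so they never become part of the SQL text.

```java
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.SQLException;
import java.util.regex.Pattern;

/** Added illustration; not the project's JdbcOperations or QueryConverter code. */
public final class InputCleaner {

    // Assumed allowlist: letters, digits, space and . _ @ - are hypothetical;
    // ':' and '/' are the two characters the ticket says were added.
    private static final Pattern VALID = Pattern.compile("[A-Za-z0-9 ._@:/-]{1,255}");

    /** Returns the value unchanged if every character is allowed, else throws. */
    public static String requireValid(String attribute, String value) {
        if (value == null || !VALID.matcher(value).matches()) {
            // Report the attribute name only; do not echo the rejected value.
            throw new IllegalArgumentException("Invalid characters in attribute: " + attribute);
        }
        return value;
    }

    /** Validated values are still bound as parameters, never concatenated into SQL. */
    public static void insertImage(Connection conn, String mimeType, String timestamp)
            throws SQLException {
        // Table and column names are hypothetical.
        String sql = "INSERT INTO image (mime_type, uploaded_at) VALUES (?, ?)";
        try (PreparedStatement ps = conn.prepareStatement(sql)) {
            ps.setString(1, requireValid("mimeType", mimeType));
            ps.setString(2, requireValid("timestamp", timestamp));
            ps.executeUpdate();
        }
    }

    public static void main(String[] args) {
        // Constructed samples; the first two are the values quoted in the ticket.
        String[] samples = {"image/jpeg", "09:05:23", "O'Brien", "value; --"};
        for (String s : samples) {
            try {
                requireValid("sample", s);
                System.out.println("accepted: " + s);
            } catch (IllegalArgumentException e) {
                System.out.println("rejected: " + s);
            }
        }
    }
}
```

The rejected "O'Brien" sample shows the same cost the image upload ran into: an allowlist turns away legitimate data until the character it needs is added, so each addition should be justified by a real attribute.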


          People

          • Assignee:
            Scott Fehrman
            Reporter:
            Scott Fehrman
          • Votes:
            0
            Watchers:
            0
