Make sure query strings and filters cannot be used for SQL attacks #902

Closed · whisperity opened this issue Sep 12, 2017 · 1 comment
Labels: database 🗄️ Issues related to the database schema.

Comments

@whisperity (Contributor) commented Sep 12, 2017

Such as where the run (and product name) filter is accepted from the user.

Also, in these cases with string matching, _ should match the literal, not the SQL syntax char for "single arbitrary character".

@whisperity whisperity added this to the release 6.0 milestone Sep 12, 2017
@whisperity whisperity added the database 🗄️ Issues related to the database schema. label Sep 12, 2017
@dkrupp dkrupp modified the milestones: release 6.0, release 6.1 Sep 18, 2017
@csordasmarton (Contributor) commented
"If you have any "special" characters (such as semicolons or apostrophes) in your data, they will be automatically quoted for you by the SQLEngine object, so you don't have to worry about quoting. This also means that unless you deliberately bypass SQLAlchemy's quoting mechanisms, SQL-injection attacks are basically impossible." (Link: http://www.rmunn.com/sqlalchemy-tutorial/tutorial.html)
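The two comments above cover two distinct problems: parameter binding (which the quoted SQLAlchemy text addresses) and the separate question of `LIKE` wildcards, where `_` and `%` keep their pattern meaning even when the value is bound correctly. The following is an added example, not code from the CodeChecker project or from either commenter; it uses the standard-library `sqlite3` module rather than SQLAlchemy so it runs stand-alone, and the table name `runs`, the column `name` and the sample rows are constructed for illustration.

```python
import sqlite3

# Escape character used in the LIKE ... ESCAPE clause (assumption: any single
# character not expected in run names works; backslash is conventional).
LIKE_ESCAPE = "\\"


def escape_like(text: str, escape: str = LIKE_ESCAPE) -> str:
    """Make user text match literally inside a LIKE pattern.

    Parameter binding stops SQL injection, but it does not neutralise the
    pattern metacharacters '_' and '%'. Those (and the escape char itself)
    must be escaped before the text is embedded in a pattern.
    """
    return (text.replace(escape, escape + escape)
                .replace("%", escape + "%")
                .replace("_", escape + "_"))


def build_db() -> sqlite3.Connection:
    """Constructed in-memory table standing in for a 'runs' table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE runs (id INTEGER PRIMARY KEY, name TEXT)")
    conn.executemany(
        "INSERT INTO runs (name) VALUES (?)",
        [("run_1",), ("run11",), ("runx1",), ("nightly",)],
    )
    return conn


def find_runs(conn: sqlite3.Connection, user_filter: str) -> list:
    """Substring filter on run name, safe against both injection and wildcards.

    The user value is passed as a bound parameter (never spliced into the SQL
    text), and LIKE metacharacters in it are escaped so '_' matches only '_'.
    """
    pattern = "%" + escape_like(user_filter) + "%"
    rows = conn.execute(
        "SELECT name FROM runs WHERE name LIKE ? ESCAPE ? ORDER BY id",
        (pattern, LIKE_ESCAPE),
    ).fetchall()
    return [name for (name,) in rows]


def find_runs_unescaped(conn: sqlite3.Connection, user_filter: str) -> list:
    """Same bound parameter, but without escaping: '_' still acts as a wildcard.

    This is the behaviour the issue asks to avoid; it is not injectable, but a
    filter of 'run_1' also returns 'run11' and 'runx1'.
    """
    pattern = "%" + user_filter + "%"
    rows = conn.execute(
        "SELECT name FROM runs WHERE name LIKE ? ORDER BY id", (pattern,)
    ).fetchall()
    return [name for (name,) in rows]


if __name__ == "__main__":
    db = build_db()
    print("escaped:  ", find_runs(db, "run_1"))
    print("unescaped:", find_runs_unescaped(db, "run_1"))
    print("quote in filter:", find_runs(db, "' OR 1=1 --"))
```

With SQLAlchemy the same two steps apply: keep the filter value in a bound parameter (which the ORM and Core expression API do by default) and escape the wildcards; in SQLAlchemy 1.2 and later the `contains()`, `startswith()` and `endswith()` column operators accept `autoescape=True` for this, and `like()` accepts an `escape` argument for a hand-escaped pattern.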
