DM-10498: Sanitize database column and table names
Project: Data Management

    Details

    • Story Points: 1
    • Team: Data Access and Database

      Description

      The CameraMapper is typically backed by multiple registries (exposures, calibs, defects), which are databases. The database table names and column names that are used are set in configs, policy files and even on the command line. Good database practice is to sanitize all user-supplied values before using them in SQL, but this is something we currently neglect for the table and column names because there is no standard function to do the sanitizing. While there are currently much easier exploitation vectors in our code than SQL injection (e.g., putting a shutil.rmtree("/", True) in a config), it would be good to conform to good database practice.
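      One way to provide the missing standard function, as an added example rather than code from the LSST stack: identifiers (table and column names from configs, policy files or the command line) cannot be bound as query parameters, so they are checked against a strict allowlist and quoted, while row values still go through parameter binding. The sqlite3 registry table and its rows below are constructed for the demonstration.

```python
import re
import sqlite3

# Conservative allowlist for SQL identifiers: a letter or underscore followed
# by letters, digits or underscores. Anything else (quotes, spaces, semicolons,
# comment markers) is rejected outright rather than escaped.
_IDENTIFIER_RE = re.compile(r"^[A-Za-z_][A-Za-z0-9_]*$")


def sanitize_identifier(name, max_length=64):
    """Validate a user-supplied table or column name and return it quoted.

    Identifiers cannot be passed as bound parameters, so they must be
    validated before being interpolated into SQL text.
    """
    if not isinstance(name, str) or len(name) > max_length or not _IDENTIFIER_RE.match(name):
        raise ValueError("unsafe SQL identifier: %r" % (name,))
    # Double quotes delimit identifiers in standard SQL (and SQLite); the regex
    # already excludes embedded quotes, so no further escaping is needed.
    return '"%s"' % name


def query_registry(conn, table, columns, where_column, value):
    """Select `columns` from `table` where `where_column` equals `value`.

    Identifiers are validated and quoted; the value is bound with a
    placeholder so it is never interpolated into the statement.
    """
    sql = "SELECT %s FROM %s WHERE %s = ?" % (
        ", ".join(sanitize_identifier(c) for c in columns),
        sanitize_identifier(table),
        sanitize_identifier(where_column),
    )
    return conn.execute(sql, (value,)).fetchall()


def demo():
    # Constructed in-memory table standing in for an exposure registry.
    conn = sqlite3.connect(":memory:")
    conn.execute('CREATE TABLE raw (visit INTEGER, ccd INTEGER, "filter" TEXT)')
    conn.executemany("INSERT INTO raw VALUES (?, ?, ?)",
                     [(1, 10, "g"), (1, 11, "g"), (2, 10, "r")])
    return sorted(query_registry(conn, "raw", ["visit", "ccd"], "filter", "g"))
```

      Names such as `raw table` or `raw"x` are refused with a ValueError before any SQL is built, which is the behaviour a config or command-line value should get.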

            People

            • Assignee: Unassigned
            • Reporter: Paul Price
            • Watchers: Andy Salnikov, Nate Pease, Paul Price
            • Votes: 0
