Issue 11216

Prevent SQL injection in downloads

Reporter: lfrancke
Type: Improvement
Summary: Prevent SQL injection in downloads
Description: When generating our WHERE clause from the download predicate we need to make sure to escape everything properly to prevent any kind of SQL injection.
Priority: Major
Resolution: Fixed
Status: Closed
Created: 2012-05-22 11:46:09.109
Updated: 2017-10-06 15:28:18.285
Resolved: 2017-10-06 15:28:18.268


Author: mdoering@gbif.org
Comment: Can unintentional changes to the data be resolved by using restrictive user rights instead? If no data can be changed, SQL injection won't do any harm, would it? [~lfrancke@gbif.org], any concrete things we should watch out for?
Created: 2013-01-15 13:48:34.1
Updated: 2013-01-15 13:48:34.1
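
One way to meet the requirement in the issue description, shown as an added example that is not GBIF code: it binds values as parameters instead of escaping them, and takes column names and operators only from fixed allowlists. The predicate shape, the `occurrence` table and its columns are assumptions made for the illustration, and `sqlite3` stands in for the real query engine.

```python
import sqlite3

# Assumed predicate shape (not GBIF's real format): nested dicts such as
# {"type": "and", "predicates": [{"type": "equals", "key": "country", "value": "DE"}]}
COLUMNS = {"country": "country_code", "year": "year", "scientificName": "scientific_name"}
COMPARISONS = {"equals": "=", "greaterThan": ">", "lessThan": "<"}
JUNCTIONS = {"and": " AND ", "or": " OR "}


def to_where(pred, params):
    """Return a WHERE fragment; user values are appended to params, never to the SQL."""
    kind = pred.get("type")
    if kind in JUNCTIONS:
        parts = [to_where(p, params) for p in pred["predicates"]]
        if not parts:
            raise ValueError("empty junction")
        return "(" + JUNCTIONS[kind].join(parts) + ")"
    if kind == "not":
        return "(NOT " + to_where(pred["predicate"], params) + ")"
    if kind in COMPARISONS:
        key = pred.get("key")
        # The SQL identifier comes from the allowlist, not from the request.
        if not isinstance(key, str) or key not in COLUMNS:
            raise ValueError(f"unknown search key: {key!r}")
        params.append(pred["value"])
        return f"{COLUMNS[key]} {COMPARISONS[kind]} ?"
    raise ValueError(f"unknown predicate type: {kind!r}")


def run_download(conn, pred):
    params = []
    sql = "SELECT id FROM occurrence WHERE " + to_where(pred, params) + " ORDER BY id"
    return [row[0] for row in conn.execute(sql, params)]


def sample_db():
    """Constructed sample data for the example."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE occurrence "
                 "(id INTEGER, country_code TEXT, year INTEGER, scientific_name TEXT)")
    conn.executemany("INSERT INTO occurrence VALUES (?, ?, ?, ?)", [
        (1, "DE", 2010, "Puma concolor"),
        (2, "DK", 2012, "Parus major"),
        (3, "DE", 2012, "Parus major"),
    ])
    return conn
```

A value containing quote characters is compared as a literal string and matches nothing, while a key or predicate type outside the allowlists is rejected before any SQL is built.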