Unlock a world of possibilities! Login now and discover the exclusive benefits awaiting you.
Are there any tools in Talend to protect against SQL injection attacks? Something like the PostgreSQL functions quote_literal and quote_ident functions.
I found a question from 2013 that doesn't have a satisfactory answer, seems baffling to me that this isn't standard functionality as rolling your own security is never a great idea.
I need to do this on Hive, which I don't think has prepared statements. Actually this isn't a pressing need right now, my strings are built by splitting on anything non-alphabetical so can't contain syntax, but I want to be prepared in case I need to query based on arbitrary input.
Yours sincerely,
Phil';drop table users;-- Hibbs
Talend Big Data isn't a user facing application. It is intended to be used by experienced developers to build back-end functionality. While I understand that sometimes that functionality will work based on inputs from users, I am not quite sure how automatic protection could be applied that wouldn't inhibit legitimate use cases that might require users to be able to supply their own SQL. Who says that "'1234' Union Select column from Table WHERE SomeRequirement ='something'" isn't a legitimate response to a WHERE Clause? Unlikely, granted. But developers being able to ensure safety here is as important as preventing NullPointerException scenarios.