Member since 09-28-2017 | 2 Posts | 1 Kudos Received | 0 Solutions
10-20-2017 05:39 PM
1 Kudo
@Shu
For example, the PutSQL documentation states the following: The SQL command may use the ? to escape parameters. In this case, the parameters to use must exist as FlowFile attributes with the naming convention sql.args.N.type and sql.args.N.value, where N is a positive integer. The sql.args.N.type is expected to be a number indicating the JDBC Type. The content of the FlowFile is expected to be in UTF-8 format. This allows SQL to be escaped, preventing attacks such as SQL Injection. Unfortunately, ExecuteSQL does not contain the same functionality. As a result, SELECT statements are vulnerable to SQL injection. I'd like to know if there is a known workaround, or if we must just wait until this functionality is implemented.
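As an added illustration (not part of the original post and not NiFi code), the following Python/sqlite3 example models the `sql.args.N.type` / `sql.args.N.value` convention quoted above next to a SELECT built by string concatenation. The table, function names and sample attribute values are constructed for the example, and only JDBC types 4 (INTEGER) and 12 (VARCHAR) are handled.

```python
import re
import sqlite3

# java.sql.Types constants as used in sql.args.N.type (only two handled here).
JDBC_INTEGER, JDBC_VARCHAR = 4, 12
CONVERTERS = {JDBC_INTEGER: int, JDBC_VARCHAR: str}
ARG_NAME = re.compile(r"^sql\.args\.(\d+)\.value$")


def bind_args(attributes):
    """Build the positional parameter list from sql.args.N.* attributes."""
    params = {}
    for name, value in attributes.items():
        m = ARG_NAME.match(name)
        if not m:
            continue
        n = int(m.group(1))
        jdbc_type = int(attributes[f"sql.args.{n}.type"])
        # Coercion rejects values that do not fit the declared type.
        params[n] = CONVERTERS[jdbc_type](value)
    if sorted(params) != list(range(1, len(params) + 1)):
        raise ValueError("sql.args.N must be numbered 1..N without gaps")
    return [params[n] for n in sorted(params)]


def make_db():
    """Constructed in-memory table used only by this example."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id INTEGER, name TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?)", [(1, "alice"), (2, "bob")])
    return db


def select_concatenated(db, name):
    # Vulnerable pattern: the attribute value becomes part of the SQL text.
    return db.execute(f"SELECT id FROM users WHERE name = '{name}'").fetchall()


def select_bound(db, attributes):
    # The value is sent as a bound parameter and is never parsed as SQL.
    sql = "SELECT id FROM users WHERE name = ?"
    return db.execute(sql, bind_args(attributes)).fetchall()


# Constructed attribute value standing in for untrusted flow input.
UNTRUSTED = "x' OR '1'='1"
ATTRS = {"sql.args.1.type": "12", "sql.args.1.value": UNTRUSTED}

if __name__ == "__main__":
    db = make_db()
    print("concatenated:", select_concatenated(db, UNTRUSTED))
    print("bound:", select_bound(db, ATTRS))
```

With the same input, the concatenated query matches every row while the bound query matches none, because the quote characters stay inside the parameter value.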
09-28-2017 08:17 PM
In creating a NiFi flow, I noticed ExecuteSQL does not support prepared statements like PutSQL does. Is there a reason for this? Is there a method to get around it besides creating my own processor which adds the functionality?
Labels: Apache NiFi