Timeline for PreparedStatement with table name
Current License: CC BY-SA 4.0
9 events
| when toggle format | what | by | license | comment | |
|---|---|---|---|---|---|
| Jun 10 at 18:21 | comment | added | Bill Naylor | Not quite sure how your system is configured. But! I would encrypt all the values, which the application would ingest. Then set it lose! | |
| Feb 14, 2021 at 11:22 | history | edited | Mark Rotteveel | CC BY-SA 4.0 | deleted 33 characters in body |
| Feb 13, 2021 at 23:20 | answer | added | Bill Naylor | timeline score: 0 | |
| Feb 13, 2021 at 22:58 | answer | added | rzwitserloot | timeline score: 1 | |
| Feb 13, 2021 at 22:47 | answer | added | Dragos Ionut | timeline score: 0 | |
| Feb 13, 2021 at 22:44 | answer | added | lkatiforis | timeline score: 1 | |
| Feb 13, 2021 at 22:44 | comment | added | khelwood | How about you check that the tableName has an appropriate value? Like you can check it is just an SQL identifier, not any kind of more complex expression; or you can check it is one of some known set of permitted table names. | |
| Feb 13, 2021 at 22:38 | comment | added | njzk2 | why is the table name variable? don't you know in which table the config is? | |
| Feb 13, 2021 at 22:36 | history | asked | Daniel Moreno Alcubilla | CC BY-SA 4.0 |