Sanitize SQL input binds against unicode key and values #9207
Labels
Milestone
Comments
This was referenced May 17, 2019
|
It's been more than 2 years this issue was opened, and still no final agreement was reached. DBS is also going to move to Golang technology, so I consider this issue to be no longer relevant. Please, feel free to reopen it if needed |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Not sure we also need to cast the keys, but if we want to make sure it won't cause problem in the future (until we migrate to python3), then we better cast both. Change should go as lower level as possible, somewhere like here:
https://github.com/dmwm/WMCore/blob/master/src/python/WMCore/Database/DBCore.py#L123
Issue discussed in many places, like:
dmwm/DBS#606
dmwm/DBS#605 (comment)
By the way, with this change in place, it means we no longer need to sanitize the SQL output results, as done here:
https://github.com/dmwm/WMCore/blob/master/src/python/WMCore/Database/DBFormatter.py#L99
The text was updated successfully, but these errors were encountered: