Martin Mucha has posted comments on this change.

Change subject: core,restapi: removed separator inconsistency, removed duplicates.
Patch Set 2:

Liran Zelkha: that's theoretically possible, I cannot tell the impact on our code. But what we actually should do is drop all SQL injection checking. Because in that code, just look at its complexity, there's a security error somewhere. It's certain. If any effort is put into this, it should be used for altering generated queries to use variables, which, if I'm not mistaken, handles SQL injection. It's not a problem to have a user with username "' or 1=1". He's a weirdo, ok, but it's safe compared to having manual SQL injection checks and compound queries.

--
To view, visit http://gerrit.ovirt.org/28343

Gerrit-MessageType: comment
Gerrit-Change-Id: Id2c72e0527f084e1453da7f720a23fe84dd94db6
Gerrit-PatchSet: 2
Gerrit-Project: ovirt-engine
Gerrit-Branch: master
Gerrit-Owner: Martin Mucha <mmu...@redhat.com>
Gerrit-Reviewer: Eli Mesika <emes...@redhat.com>
Gerrit-Reviewer: Juan Hernandez <juan.hernan...@redhat.com>
Gerrit-Reviewer: Liran Zelkha <lzel...@redhat.com>
Gerrit-Reviewer: Martin Mucha <mmu...@redhat.com>
Gerrit-Reviewer: Moti Asayag <masa...@redhat.com>
Gerrit-Reviewer: automat...@ovirt.org
Gerrit-Reviewer: oVirt Jenkins CI Server
Gerrit-HasComments: No
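
The contrast drawn in the comment above, as an added example that is not part of the original message and is not ovirt-engine code: the same lookup done with a hand-written filter plus string concatenation, with concatenation alone, and with a bound variable. It uses Python's sqlite3 so it runs stand-alone; the table, the filter token list and the function names are assumptions made for illustration.

```python
import sqlite3

# Constructed sample data: one user really is named "' or 1=1".
USERS = [("admin",), ("alice",), ("' or 1=1",)]

# Hypothetical hand-rolled blacklist of "dangerous" substrings.
SUSPICIOUS = ("'", "--", ";")


def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT PRIMARY KEY)")
    db.executemany("INSERT INTO users VALUES (?)", USERS)
    return db


def find_concatenated(db, name):
    """Value is pasted into the SQL text, so the parser sees it as SQL."""
    sql = "SELECT username FROM users WHERE username = '" + name + "'"
    return [row[0] for row in db.execute(sql)]


def find_with_manual_check(db, name):
    """Manual injection check in front of the same concatenated query."""
    if any(token in name for token in SUSPICIOUS):
        raise ValueError("rejected by injection filter")
    return find_concatenated(db, name)


def find_with_variable(db, name):
    """Bound variable: the value travels separately and is never parsed."""
    sql = "SELECT username FROM users WHERE username = ?"
    return [row[0] for row in db.execute(sql, (name,))]


def outcome(fn, db, name):
    """Run one lookup style and report what happened to the input."""
    try:
        return fn(db, name)
    except ValueError:
        return "rejected by filter"
    except sqlite3.OperationalError:
        return "statement broken by data"


if __name__ == "__main__":
    db = make_db()
    for fn in (find_concatenated, find_with_manual_check, find_with_variable):
        print(fn.__name__, "->", outcome(fn, db, "' or 1=1"))
```

Only the bound-variable lookup returns the user: concatenation lets the data change the statement, and the filter locks out a legitimate account.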