Used to avoid SQL-style injection attacks; I'll need to uproot all of the query construction code to do this, though, so it's a bit messy. Also requires the most up-to-date version of influxdb-python, v5.2.2 or greater.
astrobokonon changed the title from "Update influxdb queries to use 'bind_params'" to "Update bokehmcbokehface's influxdb queries to use 'bind_params'" on May 7, 2019
astrobokonon changed the title from "Update bokehmcbokehface's influxdb queries to use 'bind_params'" to "Update bokeh's influxdb queries to use 'bind_params'" on Jun 3, 2019
Looking at this again just now, I'm punting this to much later. It's high priority, but the underlying changes to the influxdb-python client seem to be not done yet.
The current implementation of bind_params is still undocumented (or, minimally documented) and only works in the WHERE clause. I can prepare pre-made/hardcoded queries, but that's a lot of work and I'd rather just wait to let more examples develop before I dive in...especially since my query constructor does still work, and our exposure is pretty minimal.
As a mitigation, I should work on getting the permissions back into the database. That would at least theoretically protect from stupid injection attacks.
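Added example, not part of the original issue or the project's code: one way a query constructor can work within the WHERE-only limitation described above, by passing values through `bind_params` and checking identifiers against allow-lists. The measurement, field and tag names and the helper names `build_query` and `run_query` are hypothetical.

```python
import re

# Hypothetical schema allow-lists (assumptions; the issue does not show the real schema).
ALLOWED_MEASUREMENTS = {"weather"}
ALLOWED_FIELDS = {"temperature", "humidity"}
ALLOWED_TAGS = {"site", "sensor"}
DURATION = re.compile(r"\d+(ns|u|ms|s|m|h|d|w)")


def build_query(measurement, fields, tag_filters, window="1h"):
    """Return (query, bind_params) suitable for InfluxDBClient.query()."""
    # Identifiers cannot be bound, so they must match the allow-lists exactly.
    if measurement not in ALLOWED_MEASUREMENTS:
        raise ValueError("unknown measurement: %r" % (measurement,))
    if not fields or any(f not in ALLOWED_FIELDS for f in fields):
        raise ValueError("unknown field in %r" % (fields,))
    if any(t not in ALLOWED_TAGS for t in tag_filters):
        raise ValueError("unknown tag in %r" % (sorted(tag_filters),))
    # The time window is spliced into the text, so accept only a strict duration literal.
    if not DURATION.fullmatch(window):
        raise ValueError("bad duration: %r" % (window,))

    clauses = ["time > now() - %s" % window]
    bind_params = {}
    for i, (tag, value) in enumerate(sorted(tag_filters.items())):
        name = "v%d" % i
        clauses.append('"%s" = $%s' % (tag, name))  # placeholder, not the value
        bind_params[name] = value  # value travels separately from the query text
    select = ", ".join('"%s"' % f for f in fields)
    query = 'SELECT %s FROM "%s" WHERE %s' % (
        select, measurement, " AND ".join(clauses))
    return query, bind_params


def run_query(client, measurement, fields, tag_filters, window="1h"):
    """client is an influxdb.InfluxDBClient (v5.2.2 or later, per the issue)."""
    query, bind_params = build_query(measurement, fields, tag_filters, window)
    return client.query(query, bind_params=bind_params)
```
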