fix security risk of SQL injection (#1121)

apache · Mar 27, 2024 · 4e68894 · 4e68894
1 parent 246ecee
commit 4e68894
Showing 1 changed file with 6 additions and 2 deletions.
diff --git a/submarine-server/server-core/src/main/java/org/apache/submarine/server/SubmarineServer.java b/submarine-server/server-core/src/main/java/org/apache/submarine/server/SubmarineServer.java
@@ -123,13 +123,17 @@ protected void configure() {
           }
         });
 
-    setupRestApiContextHandler(webApp, conf);
+    // There is a security risk of SQL injection here,
+    // note that the RESTful interface cannot be provided until this is resolved
+    // setupRestApiContextHandler(webApp, conf);
 
     // Cookie config
     setCookieConfig(webApp);
 
+    // There is a security risk of SQL injection here,
+    // note that the RESTful interface cannot be provided until this is resolved
     // Notebook server
-    setupNotebookServer(webApp, conf, sharedServiceLocator);
+    // setupNotebookServer(webApp, conf, sharedServiceLocator);
 
     // Cluster Server
     // Cluster Server is useless for submarine now. Shield it to improve performance.