cube-js / cube

📊 Cube — Universal semantic layer platform for AI, BI, spreadsheets, and embedded analytics
https://cube.dev

Document how Cube.js prevents SQL injection #2836

Open mhd-adam opened 3 years ago

mhd-adam commented 3 years ago

General Question

I am just wondering whether the CubeJs implementation is safe against SQL injections using the URL query parameter `query`? I tried to look into the documentation to see if it has been covered.

rongfengliang commented 3 years ago

Cube.js uses schema compilation and SQL queries with build params (like Java PreparedStatement). I think Cube.js is safe.
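The pattern described in the comment above, as an added example that is not part of the thread and is not Cube's own code: a simplified model in which identifiers are resolved only through a compiled schema and filter values are emitted as bound parameters. `SCHEMA`, `resolve` and `compileQuery` are hypothetical names, and the request JSON is a constructed sample.

```javascript
// Added illustration: a simplified model, not Cube's actual compiler.
// SCHEMA, resolve and compileQuery are hypothetical names.
const SCHEMA = {
  table: 'orders',
  members: {                        // the only identifiers that can reach SQL
    'Orders.count': 'COUNT(*)',
    'Orders.status': 'status',
    'Orders.city': 'city',
  },
};
const OPERATORS = { equals: 'IN', notEquals: 'NOT IN' };
const has = (obj, key) => Object.prototype.hasOwnProperty.call(obj, key);

function resolve(member) {
  // Identifiers come from the compiled schema, never from the request text.
  if (!has(SCHEMA.members, member)) {
    throw new Error(`Unknown member: ${JSON.stringify(member)}`);
  }
  return SCHEMA.members[member];
}

function compileQuery(query) {
  const params = [];
  const dims = (query.dimensions || []).map(resolve);
  const select = [...dims, ...(query.measures || []).map(resolve)];
  if (select.length === 0) throw new Error('Empty query');
  const where = (query.filters || []).map((f) => {
    if (!has(OPERATORS, f.operator)) throw new Error('Unknown operator');
    if (!Array.isArray(f.values) || f.values.length === 0) throw new Error('Filter needs values');
    const column = resolve(f.member);
    const marks = f.values.map((v) => {
      params.push(String(v));       // the value travels as a bound parameter
      return `$${params.length}`;   // only a placeholder enters the SQL text
    });
    return `${column} ${OPERATORS[f.operator]} (${marks.join(', ')})`;
  });
  let sql = `SELECT ${select.join(', ')} FROM ${SCHEMA.table}`;
  if (where.length) sql += ` WHERE ${where.join(' AND ')}`;
  if (dims.length) sql += ` GROUP BY ${dims.join(', ')}`;
  return { sql, params };
}

// Constructed sample of the JSON a client would send in the `query` URL parameter.
const sample = JSON.parse(
  '{"measures":["Orders.count"],"dimensions":["Orders.status"],' +
  '"filters":[{"member":"Orders.city","operator":"equals","values":["x\' OR 1=1 --"]}]}'
);
console.log(compileQuery(sample));
```

The quote-bearing filter value appears only in `params`; the SQL text is built entirely from schema-defined strings and placeholders, and a member name that is not in the schema is rejected before any SQL is produced.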

mhd-adam commented 3 years ago

Thank you @rongfengliang! I think it is worth mentioning it in the documentation.

rchkv commented 3 years ago

Hey @mhd-adam 🤗 Thanks for your suggestion!

@hassankhan, what do you think about it? :)

hassankhan commented 3 years ago

@rchkv Sounds good, adding it to the backlog

@mhd-adam Thanks for your suggestion 🙌