Code Review / aaa.git / commit
? search:
summary | shortlog | log | commit | commitdiff | review | tree
(parent: 3ccc1ca) | patch
Use prepareStatement() in UserStore.deleteUser() 72/103272/1
authorRobert Varga <robert.varga@pantheon.tech>
Wed, 16 Nov 2022 17:27:12 +0000 (18:27 +0100)
committerRobert Varga <robert.varga@pantheon.tech>
Wed, 16 Nov 2022 17:53:17 +0000 (18:53 +0100)
commit5fd03f1f7074bbff907876e0853f8202076e7152
tree013afe644d2874d66024d3eafee7e127cd414a6ctree | snapshot
parent3ccc1cadc6b40abedc8a65226eefa09c080a9b23commit | diff
Use prepareStatement() in UserStore.deleteUser()

The conversion to prepared statements has not dealt with the delete
function, leaving the ability to wipe the entire UserStore with SQL
injection. Fix this by using a proper prepared statement.

JIRA: AAA-241
Change-Id: Ie3d9a8eae815fab457809f3d2cd3577d38bd0207
Signed-off-by: Robert Varga <robert.varga@pantheon.tech>
(cherry picked from commit 9b912d4d433469b83f097fa76e203d7b97f44552)
aaa-idm-store-h2/src/main/java/org/opendaylight/aaa/datastore/h2/UserStore.java diff | blob | history
Authentication, Authorization, Accounting