Code Review / aaa.git / commit
? search:
summary | shortlog | log | commit | commitdiff | review | tree
(parent: 1129518) | patch
Use prepareStatement() in UserStore.deleteUser() 43/103243/1
authorRobert Varga <robert.varga@pantheon.tech>
Wed, 16 Nov 2022 17:27:12 +0000 (18:27 +0100)
committerRobert Varga <robert.varga@pantheon.tech>
Wed, 16 Nov 2022 17:27:40 +0000 (18:27 +0100)
commit9b912d4d433469b83f097fa76e203d7b97f44552
tree285f4008625c09020d518f68c54b43d515d39ec6tree | snapshot
parent11295189db80dd45fb0c460d9e9cb3598ed7f229commit | diff
Use prepareStatement() in UserStore.deleteUser()

The conversion to prepared statements has not dealt with the delete
function, leaving the ability to wipe the entire UserStore with SQL
injection. Fix this by using a proper prepared statement.

JIRA: AAA-241
Change-Id: Ie3d9a8eae815fab457809f3d2cd3577d38bd0207
Signed-off-by: Robert Varga <robert.varga@pantheon.tech>
aaa-idm-store-h2/src/main/java/org/opendaylight/aaa/datastore/h2/UserStore.java diff | blob | history
Authentication, Authorization, Accounting