GridGain Developers Hub

Cluster Hardening

Avoiding SQL Injections

SQL injection is a common class of attack against databases. GridGain is protected against the most common forms of SQL injection; however, attackers may try to find a weak spot that is not yet covered. To reduce the risk, it is recommended to use parameterized queries.

If you are using the Java SQL API, use parameterized queries instead of building the query text from plain strings:

IgniteCache<Long, Person> cache = ignite.cache("personCache");

// The SQL text stays constant; the values are bound separately through setArgs().
cache.query(new SqlFieldsQuery("INSERT INTO Person(id, firstName, lastName) VALUES(?, ?, ?)")
        .setArgs(1L, "John", "Smith")).getAll();

This way, GridGain treats each argument as a separate value destined for a specific column, so an argument can never change the structure of the statement or be interpreted as SQL.

If you are using JDBC, you can use a PreparedStatement to achieve the same result:

// Insert a Person with a Long key. The placeholders are bound by position; the key
// is cast to BIGINT so that the int parameter matches the Long key type.
PreparedStatement stmt = conn
        .prepareStatement("INSERT INTO Person(_key, name, age) VALUES(CAST(? as BIGINT), ?, ?)");

stmt.setInt(1, 1);
stmt.setString(2, "John Smith");
stmt.setInt(3, 25);

stmt.execute();
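The following added example (not code from the GridGain documentation) shows the same lookup written with string concatenation beside its parameterized form, for both the Java SQL API and JDBC. It assumes an Ignite node is already running, that the `personCache` cache from the page exists, and that `Person` is an SQL-mapped class with `id`, `firstName` and `lastName` fields.

```java
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.util.ArrayList;
import java.util.List;
import org.apache.ignite.Ignite;
import org.apache.ignite.IgniteCache;
import org.apache.ignite.cache.query.SqlFieldsQuery;

/** Added example: the same lookup written unsafely and safely (Person class assumed to exist). */
public class PersonLookup {
    private final IgniteCache<Long, Person> cache;

    public PersonLookup(Ignite ignite) {
        this.cache = ignite.cache("personCache"); // cache name taken from the page
    }

    // UNSAFE pattern to look for in review: user input becomes part of the SQL text,
    // so the quoting inside `lastName` decides what the statement means.
    public List<List<?>> findUnsafe(String lastName) {
        String sql = "SELECT id, firstName FROM Person WHERE lastName = '" + lastName + "'";
        return cache.query(new SqlFieldsQuery(sql)).getAll();
    }

    // SAFE: the SQL text is a constant; the value travels as a bound argument and cannot
    // change the statement's structure, whatever characters it contains.
    public List<List<?>> findSafe(String lastName) {
        SqlFieldsQuery q = new SqlFieldsQuery("SELECT id, firstName FROM Person WHERE lastName = ?")
                .setArgs(lastName);
        return cache.query(q).getAll();
    }

    // JDBC equivalent: the driver passes the value as a bound parameter instead of
    // splicing it into the SQL text. Resources are closed with try-with-resources.
    public static List<Long> idsByLastName(Connection conn, String lastName) throws SQLException {
        List<Long> ids = new ArrayList<>();
        try (PreparedStatement ps = conn.prepareStatement("SELECT id FROM Person WHERE lastName = ?")) {
            ps.setString(1, lastName);
            try (ResultSet rs = ps.executeQuery()) {
                while (rs.next()) {
                    ids.add(rs.getLong(1));
                }
            }
        }
        return ids;
    }
}
```

Calling `findSafe("O'Brien")` returns only rows whose lastName is exactly O'Brien, while the same input given to `findUnsafe` produces a syntax error because the quote terminates the literal; that difference is the whole point of binding arguments.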