Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Warning about injection attacks #15

Open
brynnbp opened this issue Jun 21, 2016 · 1 comment
Open

Warning about injection attacks #15

brynnbp opened this issue Jun 21, 2016 · 1 comment

Comments

@brynnbp
Copy link

brynnbp commented Jun 21, 2016
edited
Loading

Your comment in the README:

A more thorough SQL injection security review

Had given me the impression that there was preventative measures already in place to prevent injection. Thankfully I reviewed the code before deploying, and saw that the only thing sanitized is the search string. Some people, even without reading the above comment, might not think to check for injection because they're used to working with ORMs, and might make assumptions about node-datatable having similar features.

Might be overkill, but might also not hurt to have a disclaimer in the API section saying

When using user-provided values as data for any part of the query, be sure to sanitize it first
@bean5
Copy link

bean5 commented Jul 24, 2024
edited
Loading

@brynnbp can you make a PR that updates the README or API as proposed?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@bean5 @brynnbp