{var%20f='http://v.t.sina.com.cn/share/share.php?appkey=1515056452',u=z||d.location,p=['&url=',e(u),'&title=',e(t||d.title),'&source=',e(r),'&sourceUrl=',e(l),'&content=',c||'gb2312','&pic=',e(p||'')].join('');function%20a(){if(!window.open([f,p].join(''),'mb',['toolbar=0,status=0,resizable=1,width=440,height=430,left=',(s.width-440)/2,',top=',(s.height-430)/2].join('')))u.href=[f,p].join('');};if(/Firefox/.test(navigator.userAgent))setTimeout(a,0);else%20a();})(screen,document,encodeURIComponent,'','','https://www.manongdao.com/data/attach/logo/logo.png', '推荐 forever°为你锁心 的问题《NoSQL Injection? (PHP->phpcassa->Cassandra)》','https://www.manongdao.com/q-1378569.html','页面编码gb2312|utf-8默认gb2312'));){kind=link}
Anyone familiar enough with the Cassandra engine (via PHP using phpcassa lib) to know offhand whether there's a corollary to the sql-injection attack vector? If so, has anyone taken a stab at establishing best practices to thwart them? If not, would anyone like to ; )
相关问题
- Date with SimpleDateFormat in Java
- What version of Java does Cassandra 3 require
- Filter from Cassandra table by RDD values
- RegEx Max and Min length characters for a Text Box
- what's wrong in my URL validation Regex using
相关文章
- Angular Material Stepper causes mat-formfield to v
- Cassandra Read a negative frame size
- Why doesn't Django enforce my unique_together
- X/Html Validator in PHP
- Using CascadeMode.StopOnFirstFailure on a validato
- DDD Domain Model Complex Validation
- Laravel validator `required` fails for empty strin
- Magento, translate validation error messages
An update - Cassandra v0.8 introduced CQL, which might have brought with it the possibility of injection attacks. However:
Prepared statements were then introduced in Cassandra v1.1.0, which help to prevent such attacks.
Furthermore, see this posting which explains features of CQL that make it resistant to injection, including:
No. The Thrift layer used by phpcassa is an rpc framework, not based on string parsing.