Details
Type: Task
Status: Closed
Priority: Major
Resolution: Fixed
2017-37
Description
It is possible to bypass the masking performed by the masking filter by using a function.
E.g.
> select a from tbl;
+-------+
| a     |
+-------+
| XXXXX |
+-------+

> select concat(a) from tbl;
+-----------+
| concat(a) |
+-----------+
| hello     |
+-----------+
This can be prevented using the firewall filter, but that requires you to explicitly specify each and every function, which is quite impractical.
With the firewall filter, it should be possible to easily
- block all functions, and
- whitelist specific functions.
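The following is an added example, not code from this issue or from MaxScale's masking or firewall filters. It models the requested "deny all functions, allow a whitelist" policy on the select list of a query: every identifier immediately followed by "(" is treated as a function call, and the query is rejected unless every such call is on the whitelist, so the concat(a) bypass shown above is caught without listing concat explicitly. The tokenizer is a deliberately simple regex (string literals are blanked out first so parentheses inside them are ignored); the whitelist contents, the helper names and the sample queries are assumptions made for the example, and a real filter would use a proper SQL parser rather than this regex.

```python
import re

# Model of a "block all functions except a whitelist" rule for a SQL
# firewall. This is an illustrative implementation, not MaxScale's
# dbfwfilter; it uses a regex tokenizer and only handles plain statements
# (no comments, no backtick-quoted identifiers containing parentheses).

# Functions that are considered harmless for masked columns (assumption:
# the list is chosen for this example, not taken from any product).
DEFAULT_WHITELIST = frozenset({"count"})

# An identifier immediately followed by "(" is a function call candidate.
_CALL_RE = re.compile(r"\b([A-Za-z_][A-Za-z0-9_]*)\s*\(")

# Keywords that may legitimately precede "(" without being a function.
_NOT_FUNCTIONS = frozenset({
    "in", "values", "exists", "and", "or", "not",
    "select", "from", "where", "on", "join",
})


def _strip_literals(sql):
    """Blank out single-quoted string contents so that parentheses inside
    a literal such as 'f(x)' are not mistaken for a function call."""
    return re.sub(r"'(?:[^'\\]|\\.)*'", "''", sql)


def find_functions(sql):
    """Return the lower-cased names of all function calls in sql, in
    source order. Nested calls such as upper(concat(a)) yield both names."""
    cleaned = _strip_literals(sql)
    return [
        m.group(1).lower()
        for m in _CALL_RE.finditer(cleaned)
        if m.group(1).lower() not in _NOT_FUNCTIONS
    ]


def check_query(sql, whitelist=DEFAULT_WHITELIST):
    """Apply the policy: allow the query only if every function it calls
    is whitelisted. Returns (allowed, list_of_blocked_functions)."""
    blocked = [f for f in find_functions(sql) if f not in whitelist]
    return (not blocked, blocked)


if __name__ == "__main__":
    # Constructed sample queries, including the bypass from the report.
    for q in (
        "select a from tbl",
        "select concat(a) from tbl",
        "select upper(concat(a)) from tbl",
        "select count(a) from tbl",
        "select a from tbl where b in (1, 2)",
        "select a from tbl where b = 'f(x)'",
    ):
        allowed, blocked = check_query(q)
        print(f"{'ALLOW' if allowed else 'BLOCK'}  {q}  {blocked}")
```

With this policy, "select concat(a) from tbl" is blocked because concat is not whitelisted, whereas "select count(a) from tbl" passes; the administrator lists only the functions they want to permit instead of every function they want to deny. Anything that slips past the tokenizer (for example a function hidden in a comment or a subquery the regex does not see) would still reach the masking filter, which is why a real implementation must operate on the parsed statement rather than on the raw text.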