
Check columns before query

Open strarsis opened this issue 3 years ago • 1 comments

When a parameter is used in a service query, a SQL error occurs:

BadRequest(400): select `items`.* from `items` where `nonexistingField` = 'test' - SQLITE_ERROR: no such column: nonexistingField

Can FeathersJS limit the allowed fields and columns to be used in the query before actually running a query?

Any column can be attempted from the outside. What if there is a column type that can be exploited?

strarsis avatar Mar 12 '22 15:03 strarsis

This can be solved using feathers-schema and its queryProperty helper function.

DaddyWarbucks avatar Apr 06 '22 21:04 DaddyWarbucks

Closing this since the best solution is indeed using schemas in a v5 app.

daffl avatar Sep 16 '22 00:09 daffl
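
The check asked for in this issue, as an added example that is not part of the thread and is not FeathersJS or feathers-schema code: a plain allowlist walk over a Feathers-style query that rejects unknown fields and operators before anything reaches the database adapter. The names `checkQuery`, `allowQueryFields` and `BadQuery` are hypothetical, and the `items` fields used with it are constructed; in a v5 app the schema approach named in the replies covers this.

```javascript
// Added example: allowlist check for Feathers-style queries (not FeathersJS code).
const FILTERS = new Set(['$limit', '$skip']);
const OPERATORS = new Set(['$in', '$nin', '$lt', '$lte', '$gt', '$gte', '$ne']);

class BadQuery extends Error {
  constructor(message) {
    super(message);
    this.name = 'BadQuery';
    this.code = 400; // same status the adapter returned in the issue, but raised before any SQL runs
  }
}

function checkField(name, allowed) {
  if (!allowed.has(name)) throw new BadQuery(`Unknown query field: ${name}`);
}

// Walks the query and rejects any field or operator outside the allowlist.
function checkQuery(query, allowed) {
  for (const [key, value] of Object.entries(query || {})) {
    if (FILTERS.has(key)) continue;
    if (key === '$select') {
      for (const f of [].concat(value)) checkField(f, allowed);
    } else if (key === '$sort') {
      for (const f of Object.keys(value || {})) checkField(f, allowed);
    } else if (key === '$or' || key === '$and') {
      if (!Array.isArray(value)) throw new BadQuery(`${key} must be an array`);
      for (const sub of value) checkQuery(sub, allowed);
    } else if (key.startsWith('$')) {
      throw new BadQuery(`Unsupported query operator: ${key}`);
    } else {
      checkField(key, allowed);
      if (value !== null && typeof value === 'object' && !Array.isArray(value)) {
        for (const op of Object.keys(value)) {
          if (!OPERATORS.has(op)) throw new BadQuery(`Unsupported operator ${op} on ${key}`);
        }
      }
    }
  }
  return true;
}

// Hypothetical "before" hook factory; reads context.params.query as Feathers hooks do.
const allowQueryFields = (fields) => {
  const allowed = new Set(fields);
  return async (context) => {
    checkQuery(context.params && context.params.query, allowed);
    return context;
  };
};
```

Registered as a before hook on `find`, `allowQueryFields(['id', 'name', 'price'])` turns the `nonexistingField` request from the issue into a 400 that never reaches SQLite.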