SQL (CQL) Injection


Puneet Khushwani

Jun 28, 2016, 4:15:34 PM
to DataStax Ruby Driver for Apache Cassandra User Mailing List
Hi,

Based on my understanding of how Prepared Statements work, I think they sort of mitigate the risk of injection.

Please correct me if I am wrong here or recommend any best practices.


Sandeep Tamhankar

Jun 28, 2016, 5:14:59 PM
to DataStax Ruby Driver for Apache Cassandra User Mailing List
Yeah, that's right. Prepared statements are also "a good thing" when you are running essentially the same query multiple times (possibly with different parameters) because the node doesn't have to parse CQL each time, improving performance. The trick there is that a prepared statement is prepared on one node, so if queries hit multiple nodes, they'll prepare on all of them before you experience the performance increase. Also, if multiple clients prepare the same statement, the node will share the prepared statement across the clients.

-Sandeep
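As an added illustration of the point both messages make (example code written for this note, not the driver's own and not from the thread), the Ruby below contrasts interpolating a value into the CQL text with binding it to a prepared statement, and uses a small FakeSession stand-in whose prepare cache mirrors the per-query-text sharing described above; the users table, name column and app_keyspace are assumed.

```ruby
# Unsafe: the value becomes part of the CQL text. A name containing a quote
# (e.g. O'Brien) terminates the string literal early and changes the statement.
def unsafe_lookup_cql(name)
  "SELECT * FROM users WHERE name = '#{name}'"
end

# Safe: constant CQL text with a bind marker; the value travels separately
# and is never parsed as CQL.
LOOKUP_CQL = 'SELECT * FROM users WHERE name = ?'.freeze

Prepared = Struct.new(:cql)

# Minimal stand-in for a driver session (constructed for this example).
# Prepares are cached per distinct CQL string, mirroring how a node keeps one
# prepared statement per query text and shares it across clients.
class FakeSession
  attr_reader :prepare_count, :executed

  def initialize
    @cache = {}
    @prepare_count = 0
    @executed = []
  end

  def prepare(cql)
    @cache[cql] ||= begin
      @prepare_count += 1
      Prepared.new(cql)
    end
  end

  # Same keyword as the real driver: session.execute(stmt, arguments: [...])
  def execute(stmt, arguments: [])
    call = [stmt.cql, arguments]
    @executed << call
    call
  end
end

# Works against FakeSession or a real Cassandra::Session alike.
def lookup_user(session, name)
  stmt = session.prepare(LOOKUP_CQL) # same text every call -> prepared once
  session.execute(stmt, arguments: [name])
end

# Real-driver session (not run here): needs the cassandra-driver gem and a cluster.
def real_session(hosts)
  require 'cassandra'
  Cassandra.cluster(hosts: hosts).connect('app_keyspace') # keyspace assumed
end
```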