davydog187/timescale

SQL injection possible in create_hypertable/3

Closed this issue · 2 comments

The risk here is so minimal because I doubt there's anyone creating tables from user input :) However, I do think we should be properly escaping any data into queries.

https://github.com/bitfo/timescale/blob/main/lib/timescale/migration.ex#L35

Leaving this issue open until we address the enable_hypertable_compression migration

  • enabled_hypertable_compression
  • add_compression_policy
  • create_hypertable

Closing this one out in favor of #4 as there is some work specific to enabled_hypertable_compression that needs to be done.
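An added example, not code from the timescale library or from this thread: a sketch of escaping the values interpolated into a `create_hypertable` statement, shown next to the raw-interpolation form. The module name `SafeHypertableSQL`, its function names and the sample input are hypothetical, and the quoting assumes the PostgreSQL default `standard_conforming_strings = on`.

```elixir
defmodule SafeHypertableSQL do
  @moduledoc """
  Hypothetical helper (not part of the timescale library): builds the
  create_hypertable statement with every interpolated value quoted as a
  PostgreSQL string literal.
  """

  # Quote a value as a SQL string literal. Assumes the server runs with
  # standard_conforming_strings = on, so the single quote is the only
  # character that has to be doubled.
  def quote_literal(value) when is_atom(value) and not is_nil(value),
    do: quote_literal(Atom.to_string(value))

  def quote_literal(value) when is_binary(value) do
    # PostgreSQL text values cannot contain NUL; refuse instead of truncating.
    if String.contains?(value, <<0>>) do
      raise ArgumentError, "NUL byte in SQL literal"
    end

    "'" <> String.replace(value, "'", "''") <> "'"
  end

  # "Before" form for comparison: raw interpolation, a quote in the
  # input ends the literal early.
  def unsafe_create_hypertable(table, column),
    do: "SELECT create_hypertable('#{table}', '#{column}')"

  # "After" form: both arguments stay inside their literals.
  def create_hypertable(table, column),
    do: "SELECT create_hypertable(#{quote_literal(table)}, #{quote_literal(column)})"
end

# Constructed input: a table name containing a quote and a second statement.
hostile = "conditions'); SELECT 1; --"

# The quote closes the literal and the rest is parsed as SQL.
IO.puts(SafeHypertableSQL.unsafe_create_hypertable(hostile, "time"))

# The quote is doubled, so the whole value remains one string literal.
IO.puts(SafeHypertableSQL.create_hypertable(hostile, :time))

# Ordinary migration input is unchanged apart from the quoting.
IO.puts(SafeHypertableSQL.create_hypertable(:conditions, :time))
```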