[feature] Add allowMultiQueries Option to MySqlConnectionConfiguration #291

Open
tjdskaqks opened this issue Nov 4, 2024 · 4 comments
Labels
enhancement New feature or request

Comments

@tjdskaqks

Is your feature request related to a problem? Please describe.
A clear and concise description of what the problem is. Ex. I'm always frustrated when [...]

It is currently not possible to use the allowMultiQueries option in MySqlConnectionConfiguration.

Describe the solution you'd like
Please add an option to specify allowMultiQueries in ConnectionFactoryOptions or MySqlConnectionConfiguration.

Additional context
Add any other context or screenshots about the feature request here.

Code Example:

    val connectionFactory =
        MySqlConnectionFactory.from(
            MySqlConnectionConfiguration.builder()
                .host(url)
                .username(username)
                .password(password)
                .database(dbname)
                .sslMode(SslMode.DISABLED)
                .port(port)
                .allowMultiQueries(false) // <-
                .build(),
        )
@jchrys
Collaborator

jchrys commented Nov 5, 2024

Even now, multi queries are supported when using client-side prepared queries (default).
Do you perhaps not want to allow multi queries? Could you please explain your use case in more detail?

@tjdskaqks
Author

Yes, because I don't want to allow multiple queries. I want to prevent SQL injection vulnerabilities, so it would be nice to have an option.

@jchrys
Collaborator

jchrys commented Nov 6, 2024

You're safe from SQL injection when you write static SQL and bind parameters using Statement#bind. However, in case you find any vulnerabilities, please report them via security.
That said, you make a valid point—utilizing the allowMultiQueries flag can help reduce the attack surface.
Thanks!

@jchrys jchrys added the enhancement New feature or request label Nov 6, 2024
@jchrys jchrys added this to the Next milestone Nov 6, 2024
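
An added example (not part of the issue and not r2dbc-mysql's own code) of the distinction drawn in the comment above between concatenated SQL and static SQL with `Statement#bind`, written against the R2DBC SPI. The `users` table, its columns and the function names are hypothetical; it goes one step beyond the thread by also showing an allow-list for identifiers, which cannot be bound.

```kotlin
import io.r2dbc.spi.Connection
import io.r2dbc.spi.Result
import org.reactivestreams.Publisher

// Hypothetical schema for illustration: users(id, email, created_at).

// Unsafe shape: caller input is spliced into the SQL text, so the server
// parses it as SQL. Whether multi queries are allowed only changes how much
// an injected fragment can do, not whether injection is possible.
fun findUserUnsafe(conn: Connection, email: String): Publisher<out Result> =
    conn.createStatement("SELECT id, email FROM users WHERE email = '$email'")
        .execute()

// Safe shape: the SQL text is a constant and the value travels through
// Statement#bind, so it is always handled as data, never as SQL.
private const val FIND_BY_EMAIL = "SELECT id, email FROM users WHERE email = ?"

fun findUser(conn: Connection, email: String): Publisher<out Result> =
    conn.createStatement(FIND_BY_EMAIL)
        .bind(0, email) // R2DBC bind indexes are zero-based
        .execute()

// Identifiers such as column names cannot be bound. Map the caller's key to a
// fixed fragment so the final SQL text is always one of a known, static set.
private val SORT_COLUMNS = mapOf("email" to "email", "created" to "created_at")

fun listUsers(conn: Connection, sortKey: String, limit: Int): Publisher<out Result> {
    val column = SORT_COLUMNS[sortKey]
        ?: throw IllegalArgumentException("unsupported sort key")
    return conn.createStatement("SELECT id, email FROM users ORDER BY $column LIMIT ?")
        .bind(0, limit.coerceIn(1, 100)) // clamp the page size before binding
        .execute()
}
```
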
@tjdskaqks
Author

Thank you.

@jchrys jchrys removed this from the 1.4.0 milestone Feb 16, 2025