Bug 528918
Cause: QN-UnQ
- Evidence: "If the field being passed to match() is ID_FIELD, then this field is safe, and there is no need to validate it", comment 6
Fix: BQ
- Bypass the query under some conditions
Interesting Finding:
- Performance may not be as important as security
- "No, definitely not, this regresses a major security fix--a severe SQL injection in the WebService."
- Different developers may have different levels of acceptable performance
- "you're talking about the difference between 144ms and 110ms, a totally insignificant number to a Bugzilla user"
- "One single change is probably not going to make Bugzilla much faster. But the addition of several fixes is"