I am using a user’s input to create a query string, and post it to my InfluxDB.
For example, I can have this query string:
“SELECT * FROM MyMeasurement WHERE FOO=BAR”
Where “BAR” is a parameter passed by the user. However, there doesn’t seem to be any protection if I replace “BAR” with “BAR; DROP MEASUREMENT MyMeasurement”. My InfluxDB code is not safe from Bobby Tables. Luckily, this code isn’t running on production yet.
So my question: does InfluxDB offer any kind of protection against this sort of behaviour? For example, can I set it to only allow 1 query per POST request? Or is there some sort of parameterized query system?
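
The pattern described in the question, next to a bound-parameter form, as an added example that is not part of the original post. It assumes the InfluxDB 1.x HTTP `/query` endpoint, which accepts a `params` field of JSON bind parameters referenced as `$name` in the WHERE clause; the function names and the client-side statement counter are hypothetical helpers, and nothing is sent over the network.

```python
import json
from urllib.parse import urlencode

MEASUREMENT = "MyMeasurement"  # fixed by the application, never user-supplied

def build_unsafe(user_value):
    """The pattern from the question: user input concatenated into the statement."""
    return {"q": f"SELECT * FROM {MEASUREMENT} WHERE FOO={user_value}"}

def build_bound(user_value):
    """Statement text is constant; the value travels separately as a bind parameter."""
    if not isinstance(user_value, (str, int, float)):
        raise TypeError("bind parameters must be scalar JSON values")
    return {
        "q": f'SELECT * FROM "{MEASUREMENT}" WHERE "FOO" = $foo',
        "params": json.dumps({"foo": user_value}),
    }

def statement_count(q):
    """Count ';'-separated statements outside quoted text (simplified scanner,
    usable as a client-side guard before the request is posted)."""
    parts, buf, quote, escaped = [], [], None, False
    for ch in q:
        if escaped:
            escaped = False
        elif quote:
            if ch == "\\":
                escaped = True
            elif ch == quote:
                quote = None
        elif ch in "'\"":
            quote = ch
        elif ch == ";":
            parts.append("".join(buf))
            buf = []
            continue
        buf.append(ch)
    parts.append("".join(buf))
    return sum(1 for p in parts if p.strip())

if __name__ == "__main__":
    hostile = "BAR; DROP MEASUREMENT MyMeasurement"  # input quoted in the question
    for build in (build_unsafe, build_bound):
        form = build(hostile)
        print(build.__name__, statement_count(form["q"]), urlencode(form))
```

With the bound form the statement text is identical for every input, so a guard that rejects any `q` containing more than one statement can be applied without inspecting user data.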