Opened 6 years ago

Last modified 3 years ago

#243 new Issue

IbisQ Issues

Reported by: Paul Leo Owned by: Paul Leo
Priority: +Medium Milestone: Needs Analysis
Component: IBIS-Q Version: 2.4
Severity: Unknown Keywords:
Cc: garth.braithwaite@…, ZLIU@…

Description (last modified by Garth Braithwaite)

There are some issues with IbisQ that could cause problems for busy sites. I have a doc in google docs that explains issues in detail. Please email me if you need more info.

Change History (3)

comment:1 Changed 6 years ago by Paul Leo

See also ticket #221

comment:2 Changed 5 years ago by Paul Leo

Priority: *High+Medium
Type: DefectIssue

The only values that get passed to IBIS-Q are user selected dimensions, hidden parameters, and group bys. The measure and charts or anything else are never submitted to IBIS-Q.

The way it works is this:

When a user submits a query the dimensions are checked. If the http request param matches a dimension then that value is checked against the valid values list for that dim. If doesn't 100% match it is discarded.

If the param matches a DIMENSION/NAME and which is a proxy this name is also passed through. Again the value has to match a defined valid NAME.

If the dim has the DYNAMIC_VALUES_FLAG flag then anything entered will be sent to IBIS-Q.

If the param matches a PARAM/NAME and that PARAM has the HIDDEN_INPUT_FLAG element then that value can also be anything and will be sent to IBIS-Q.

A regex string validator has been implemented that screens submissions for permissable characters. This may be modified by adopters

Another option is to code the QM to NOT allow for HIDDEN_INPUT_FLAG params and NOT to use the DYNAMIC_VALUES_FLAG

comment:3 Changed 3 years ago by Garth Braithwaite

Description: modified (diff)
Version: Unknown2.4
Note: See TracTickets for help on using tickets.