Our New Observability Platform for 100B Logs

(blog.railway.app)

11 points | by creativedg 806 days ago

2 comments

  • maxwellg 806 days ago
    Nice launch!

    The SQL snippet shared [1] gives me the heebie jeebies. If any one of those where clauses contains user-generated data, that's ripe for a SQL injection vulnerability. `fmt.Sprintf` and SQL almost never belong together.

    1 - https://blog.railway.app/_next/image?url=https%3A%2F%2Fres.c...

    • gschier 806 days ago
      Don't worry, the generated "whereClauses" also contain replacement markers (values contained in "params") so everything gets escaped correctly.
  • gschier 806 days ago
    Hey, OP here! We just spent the past 8+ months rebuilding our DIY logging stack on top of ClickHouse. Happy to answer any questions!
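
The pattern described in the maxwellg / gschier exchange above, as an added example that is not Railway's code: `fmt.Sprintf` assembles only fixed fragments and `?` markers, while user values travel separately in `params`. The `Filter` type, the `logs` table, the column names and `BuildQuery` are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"strings"
)

// Filter is a hypothetical user-supplied log filter (column -> value).
type Filter struct {
	Field string
	Value string
}

// Identifiers cannot be bound as parameters, so column names are checked
// against a fixed allowlist before they are placed in the SQL text.
var allowedColumns = map[string]bool{"service": true, "severity": true, "message": true}

const table = "logs" // hypothetical table name, fixed in code, never user input

// BuildQuery returns SQL text that contains only "?" markers, plus the values to bind.
func BuildQuery(filters []Filter) (string, []any, error) {
	whereClauses := []string{"1 = 1"}
	params := []any{}
	for _, f := range filters {
		if !allowedColumns[f.Field] {
			return "", nil, fmt.Errorf("unknown column %q", f.Field)
		}
		whereClauses = append(whereClauses, f.Field+" = ?")
		params = append(params, f.Value) // the value never enters the SQL string
	}
	query := fmt.Sprintf("SELECT timestamp, message FROM %s WHERE %s",
		table, strings.Join(whereClauses, " AND "))
	return query, params, nil
}

func main() {
	// Constructed input: a value containing quote characters.
	filters := []Filter{{"service", "api' OR '1'='1"}, {"severity", "error"}}
	query, params, err := BuildQuery(filters)
	if err != nil {
		fmt.Println("rejected:", err)
		return
	}
	fmt.Println(query)  // SQL text with markers only
	fmt.Println(params) // values, handed to the driver separately
	// With database/sql this would be: db.QueryContext(ctx, query, params...)
}
```

The safety of this pattern depends on every fragment that reaches `fmt.Sprintf` being a constant or an allowlisted identifier; a single clause built from a raw value reintroduces the injection risk raised in the first comment.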