Boost :

From: Stephen Dolan (stedolan2_at_[hidden])
Date: 2006-04-29 16:45:13


Not a full review, just a comment:

The proposed property tree library uses a small internal language which is
passed to the various functions, for instance:

file = ptree.get<std::string>("config.filename");

Personally, I don't think it's a good idea to define new syntaxes and pass
them around as strings. It would be a bit more effort to implement, but I
think (something like) the following would be preferable:

file = ptree.get<std::string>["config"]["filename"]

I'm thinking largely of the dangers of passing a user-supplied string as
part of the path, as in get<std::string>("config."+prop_name); since this
can lead to insecurities as the query language gets more powerful. (e.g. SQL
injection in PHP and other languages, people exploiting Perl scripts by
passing carefully crafted strings which work their way into an eval, etc).
Also, there is an additional runtime overhead in parsing the string, which
can be avoided by doing it at compile-time using C++'s native syntax.

Apart from that, it seems useful and worthy of inclusion in Boost.
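
Added example (not part of the original message, and not Boost.PropertyTree code): a toy tree illustrating the concern raised above. Node, get_by_path, get_by_keys and the sample data are hypothetical and constructed for illustration. A user-supplied name that contains the separator is re-parsed by the string-path lookup, while the per-key lookup matches it literally.

```cpp
#include <iostream>
#include <sstream>
#include <string>
#include <vector>
// Toy stand-in for a property tree (hypothetical; not Boost's implementation).
struct Node {
    std::string key, value;
    std::vector<Node> children;
};

const Node* child(const Node* n, const std::string& key) {
    if (!n) return nullptr;
    for (const Node& c : n->children)
        if (c.key == key) return &c;
    return nullptr;
}

// String-path lookup: every '.' is a separator, even inside user input.
const Node* get_by_path(const Node& root, const std::string& path) {
    const Node* n = &root;
    std::istringstream in(path);
    std::string seg;
    while (n && std::getline(in, seg, '.')) n = child(n, seg);
    return n;
}

// Per-key lookup: each key is compared literally and never re-parsed.
const Node* get_by_keys(const Node& root, const std::vector<std::string>& keys) {
    const Node* n = &root;
    for (const std::string& k : keys) n = child(n, k);
    return n;
}

Node sample_tree() {  // constructed sample data
    Node pw{"db_password", "constructed-secret", {}};
    Node internal{"internal", "", {pw}};
    Node filename{"filename", "app.log", {}};
    Node config{"config", "", {filename, internal}};
    return Node{"", "", {config}};
}

int main() {
    Node t = sample_tree();
    std::string prop_name = "internal.db_password";  // constructed user input
    const Node* a = get_by_path(t, "config." + prop_name);
    const Node* b = get_by_keys(t, {"config", prop_name});
    std::cout << "string path: " << (a ? a->value : "<not found>") << "\n";
    std::cout << "per-key:     " << (b ? b->value : "<not found>") << "\n";
}
```

The code that built "config." + prop_name expected a direct child of config; the string-path lookup returns the nested node instead, and the per-key lookup finds nothing.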


Boost list run by bdawes at acm.org, gregod at cs.rpi.edu, cpdaniel at pacbell.net, john at johnmaddock.co.uk