
Boost :

From: Christopher Granade (cgranade_at_[hidden])
Date: 2006-05-26 07:03:23



It seems to be a recurring problem that, in designing secure server-side
software, it is difficult to distinguish between variables containing
trusted and untrusted input. I would propose the addition of a library
to Boost that attempts to alleviate these kinds of issues by providing a
template for "trusted types," as well as methods that can be marked as
requiring trusted input.

For instance:

boost::trust::trusted<std::string> ts;
cin >> ts;
cout << ts.trusted(); // returns false
escape_string(ts);
cout << ts.trusted(); // returns true
foo(ts);

where foo() would have a prototype looking like:

void foo(boost::trust::trusted<std::string, MUST_TRUST> str);

I have not written any actual code to back up this idea, but rather
wanted to propose the idea to the list first. The idea for how this
would work hinges on trusted<T> offering two casting operators: one to
const T and one to T. Any use of the non-const cast would result in the
trust flag being set to untrusted. If anyone is interested, please let
me know. Thanks.

--Christopher Granade

Note: Sorry if this post is received twice. The first didn't seem to go
through.
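The following is an added example, not code from the post above and not part of any Boost library: a C++ sketch of the runtime-flag design the post describes (a trusted<T> wrapper whose flag is cleared by non-const access and set only by a sanitiser, plus a MUST_TRUST-style parameter type that refuses unflagged input). All names here (trust_demo, may_be_untrusted, must_trust, mutable_ref, sanitize, the sample escape_string and foo) are assumptions chosen for the illustration; the "O'Brien" input and the query string are constructed sample data.

```cpp
#include <cassert>
#include <stdexcept>
#include <string>
#include <utility>

// Hypothetical sketch of the proposed trusted<T>; names are assumed, not Boost's.
namespace trust_demo {

struct may_be_untrusted {};  // default policy: value carries a runtime trust flag
struct must_trust {};        // policy for parameters that require trusted input

template <typename T, typename Policy = may_be_untrusted>
class trusted;

template <typename T>
class trusted<T, may_be_untrusted> {
public:
    trusted() : value_(), trusted_(false) {}
    explicit trusted(T v) : value_(std::move(v)), trusted_(false) {}

    bool trusted_flag() const { return trusted_; }   // "ts.trusted()" in the post

    // Read-only access keeps the flag; mutable access clears it, because an
    // arbitrary write could reintroduce unsanitised data.
    const T& get() const { return value_; }
    T& mutable_ref() { trusted_ = false; return value_; }

    // The only way to set the flag: run a sanitiser over the value in place.
    template <typename Sanitizer>
    void sanitize(Sanitizer s) { s(value_); trusted_ = true; }

private:
    T value_;
    bool trusted_;
};

template <typename T>
class trusted<T, must_trust> {
public:
    // Converting from a flagged value is the only way to build one. In this
    // sketch the check happens at run time, at the call site.
    trusted(const trusted<T, may_be_untrusted>& src) : value_(src.get()) {
        if (!src.trusted_flag())
            throw std::invalid_argument("untrusted input where trusted is required");
    }
    const T& get() const { return value_; }
private:
    T value_;
};

// Sample sanitiser for the illustration: backslash-escape the single quote and
// the backslash, the two characters special inside an SQL string literal.
inline void escape_string(std::string& s) {
    std::string out;
    for (char c : s) {
        if (c == '\'' || c == '\\') out.push_back('\\');
        out.push_back(c);
    }
    s = out;
}

// foo() from the post: the parameter type admits only a must_trust value.
inline std::string foo(trusted<std::string, must_trust> str) {
    return "SELECT name FROM users WHERE id = '" + str.get() + "'";
}

// Walks the scenario from the post; returns true if every step behaved as described.
inline bool run_scenario() {
    trusted<std::string> ts("O'Brien");        // constructed sample input
    bool untrusted_at_start = !ts.trusted_flag();
    bool rejected = false;
    try { foo(ts); } catch (const std::invalid_argument&) { rejected = true; }
    ts.sanitize(escape_string);
    bool trusted_after_escape = ts.trusted_flag();
    std::string q = foo(ts);
    ts.mutable_ref() += "x";                   // non-const access drops the flag
    bool dropped = !ts.trusted_flag();
    return untrusted_at_start && rejected && trusted_after_escape && dropped
        && q == "SELECT name FROM users WHERE id = 'O\\'Brien'";
}

} // namespace trust_demo

int main() {
    return trust_demo::run_scenario() ? 0 : 1;
}
```

Two caveats a reviewer of such a library would raise. The flag is only as meaningful as the sanitiser that set it: a value escaped for an SQL literal is not thereby safe for a shell command or an HTML attribute, so a single boolean conflates contexts that need separate treatment. And because the check in this sketch is a run-time conversion, misuse surfaces as an exception at the call rather than as a compile error; getting the compiler to reject `foo(ts)` outright would require untrusted and trusted values to be distinct types with no implicit conversion between them.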

