Boost :

From: Jorge Lodos (lodos_at_[hidden])
Date: 2007-03-19 08:31:50

• Next message: Zach Laine: "Re: [boost] [serialization] Support for multiple class name strings"
• Previous message: Paul Giaccone: "Re: [boost] Anyone downloaded the sorting library from vault?"
• In reply to: Lyfar Dmitriy: "Re: [boost] SQL library with full embedded SQL-syntax"
• Next in thread: Phil Endecott: "Re: [boost] SQL library with full embedded SQL-syntax"

Lyfar Dmitriy wrote:

> > Jorge Lodos wrote:
> > Sorry, I don't see how any of this applies -- just because
> the SQL is
> > a
> string
> > doesn't mean it comes from an untrusted source. And,
> programmers that
> don't
> > validate input from untrusted sources deserve what they get....
>

It wasn't me who wrote that. Moreover, I disagree. Documenting all input
path and following them to make sure that all input data is correctly
validated is not a trivial task even in medium size projects. I'll rather
play safe and add another security step. It is not that input validation is
not needed, but that in case of incorrect validation the users of your
program won't suffer.

Best regards
Jorge

• Next message: Zach Laine: "Re: [boost] [serialization] Support for multiple class name strings"
• Previous message: Paul Giaccone: "Re: [boost] Anyone downloaded the sorting library from vault?"
• In reply to: Lyfar Dmitriy: "Re: [boost] SQL library with full embedded SQL-syntax"
• Next in thread: Phil Endecott: "Re: [boost] SQL library with full embedded SQL-syntax"

Boost list run by bdawes at acm.org, gregod at cs.rpi.edu, cpdaniel at pacbell.net, john at johnmaddock.co.uk