From: Rainer Deyke (rdeyke_at_[hidden])
Date: 2022-05-10 14:59:47
On 10.05.22 09:14, Richard Hodges via Boost wrote:
> The Boost formal review of the MySQL library starts today, taking place
> from May 10th, 2022 to May 19th, 2022 (inclusive). We are starting one day
> after the announced date and extending the period by one day to compensate.
I took a quick look, and my first impression is that the library doesn't
do enough to prevent SQL injection attacks. Yes, text queries are
convenient when the full query is known at compile-time. Yes, security
is ultimately the responsibility of those who use the API. Yes, this is
C++, where far worse security flaws are a constant threat. Even so,
connection::query gives me shivers.
-- Rainer Deyke (rainerd_at_[hidden])
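As an added illustration of the injection concern raised in the post above (example code written for this page, not Boost.MySQL's own API or the reviewer's code; the helpers build_text_query, build_param_query, scan_shape and param_query_well_formed are hypothetical names), the following contrasts a text query that splices user input into the SQL with a parameterised query that keeps the template and the values apart, and scans the resulting statement's "shape" to show why only the first one changes under attacker input:

```cpp
// Added example, not Boost.MySQL code. Contrasts a text query that splices
// user input into SQL with a parameterised query that keeps the SQL template
// and the user data apart, and checks the statement "shape" to show why the
// first one is injectable. All helper names below are hypothetical.
#include <cstddef>
#include <cstdint>
#include <iostream>
#include <string>
#include <variant>
#include <vector>

// The pattern the post objects to: user-controlled text becomes part of the
// statement the server parses.
std::string build_text_query(const std::string& username) {
    return "SELECT id FROM users WHERE name = '" + username + "'";
}

// Parameterised alternative. The template holds only '?' placeholders; the
// values travel separately as typed data, which is what the MySQL
// prepared-statement protocol does on the wire, so the server never parses
// user input as SQL.
using Param = std::variant<std::int64_t, std::string>;
struct ParamQuery {
    std::string sql;            // fixed at compile time, never contains user data
    std::vector<Param> params;  // user data, bound by position
};

ParamQuery build_param_query(const std::string& username) {
    return {"SELECT id FROM users WHERE name = ?", {Param{username}}};
}

// Rough "shape" of a MySQL statement: how many single-quoted string literals
// it contains and how many '?' placeholders sit outside literals. Handles the
// '' doubling and backslash escapes that are valid inside MySQL literals.
struct SqlShape {
    std::size_t literals = 0;
    std::size_t placeholders = 0;
};

SqlShape scan_shape(const std::string& sql) {
    SqlShape shape;
    bool in_literal = false;
    for (std::size_t i = 0; i < sql.size(); ++i) {
        const char c = sql[i];
        if (!in_literal) {
            if (c == '\'') { in_literal = true; ++shape.literals; }
            else if (c == '?') { ++shape.placeholders; }
        } else if (c == '\\' && i + 1 < sql.size()) {
            ++i;  // backslash escape: the next character stays inside the literal
        } else if (c == '\'') {
            if (i + 1 < sql.size() && sql[i + 1] == '\'') ++i;  // '' inside a literal
            else in_literal = false;
        }
    }
    return shape;
}

// A parameterised query is well formed when every placeholder has a value.
bool param_query_well_formed(const ParamQuery& q) {
    return scan_shape(q.sql).placeholders == q.params.size();
}

int main() {
    const std::string benign = "alice";
    const std::string payload = "' OR '1'='1";  // constructed attack input

    // Text query: the payload closes the literal and adds a second condition,
    // so the statement grows from one string literal to three.
    std::cout << build_text_query(payload) << "\n";
    std::cout << "text literals: " << scan_shape(build_text_query(benign)).literals
              << " -> " << scan_shape(build_text_query(payload)).literals << "\n";

    // Parameterised query: the SQL is byte-for-byte identical for any input.
    const ParamQuery p = build_param_query(payload);
    std::cout << p.sql << " (params: " << p.params.size() << ")\n";
    std::cout << "same template: " << (p.sql == build_param_query(benign).sql) << "\n";
    return 0;
}
```

The shape scan is only there to make the difference visible; it is not a defence, and client-side escaping of text queries is a weaker substitute because it depends on the connection's character set. The protection in the parameterised form is that the server receives the template and the values through different channels and never has to parse user data as SQL.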
Boost list run by bdawes at acm.org, gregod at cs.rpi.edu, cpdaniel at pacbell.net, john at johnmaddock.co.uk