Boost :

From: Rainer Deyke (rdeyke_at_[hidden])
Date: 2022-05-10 14:59:47

• Next message: Phil Endecott: "Re: Boost MySQL Review Starts Today"
• Previous message: Richard Hodges: "Boost MySQL Review Starts Today"
• In reply to: Richard Hodges: "Boost MySQL Review Starts Today"
• Next in thread: Ruben Perez: "Re: Boost MySQL Review Starts Today"
• Reply: Ruben Perez: "Re: Boost MySQL Review Starts Today"
• Reply: Rainer Deyke: "Re: Boost MySQL Review Starts Today"
• Maybe reply: Ruben Perez: "Re: Boost MySQL Review Starts Today"

On 10.05.22 09:14, Richard Hodges via Boost wrote:
> The Boost formal review of the MySQL library starts Today, taking place
> from May 10th, 2022 to May 19th, 2022 (inclusive) - We are starting one day
> after the announced date and extending the period by one day to compensate.
I took a quick look, and my first impression is that the library doesn't
do enough to prevent SQL injection attacks. Yes, text queries are
convenient when the full query is known at compile-time. Yes, security
is ultimately the responsibility of those who use the API. Yes, this is
C++, where far worse security flaws are a constant threat. Even so,
connection::query gives me shivers.

-- 
Rainer Deyke (rainerd_at_[hidden])

• Next message: Phil Endecott: "Re: Boost MySQL Review Starts Today"
• Previous message: Richard Hodges: "Boost MySQL Review Starts Today"
• In reply to: Richard Hodges: "Boost MySQL Review Starts Today"
• Next in thread: Ruben Perez: "Re: Boost MySQL Review Starts Today"
• Reply: Ruben Perez: "Re: Boost MySQL Review Starts Today"
• Reply: Rainer Deyke: "Re: Boost MySQL Review Starts Today"
• Maybe reply: Ruben Perez: "Re: Boost MySQL Review Starts Today"

Boost list run by bdawes at acm.org, gregod at cs.rpi.edu, cpdaniel at pacbell.net, john at johnmaddock.co.uk