From: Daniela Engert (dani_at_[hidden])
Date: 2022-05-12 05:09:22


On 11.05.2022 at 23:07, Ruben Perez wrote:
> On Wed, 11 May 2022 at 08:29, Daniela Engert via Boost
> <boost_at_[hidden]> wrote:
>> On 11.05.2022 at 07:52, Rainer Deyke via Boost wrote:
>>> On 10.05.22 16:59, Rainer Deyke via Boost wrote:
>>>> On 10.05.22 09:14, Richard Hodges via Boost wrote:
>>>>> The Boost formal review of the MySQL library starts today, taking place
>>>>> from May 10th, 2022 to May 19th, 2022 (inclusive) - We are starting
>>>>> one day after the announced date and extending the period by one day
>>>>> to compensate.
>>>> I took a quick look, and my first impression is that the library
>>>> doesn't do enough to prevent SQL injection attacks. Yes, text
>>>> queries are convenient when the full query is known at compile-time.
>>>> Yes, security is ultimately the responsibility of those who use the
>>>> API. Yes, this is C++, where far worse security flaws are a constant
>>>> threat. Even so, connection::query gives me shivers.
>>> So, I've been thinking about what the library can do to prevent SQL
>>> injection attacks. Ideas:
>>> - As a nuclear option, the query string can be changed into a
>>> template argument to prevent its use with strings that aren't known at
>>> compile-time. Unfortunately this would also prevent some valid uses
>>> of connection::query.
>> Instead of going *that* nuclear, there are better options now with
>> compile-time string inspections. Instead of accepting a 'string_view'
>> (or heavens forbid, 'string') as query string, do the same as the
>> standard library (or {fmt}) does (please see P2216r3, C++23 and DR to
>> C++20, and the {fmt} API documentation):
>>
>> * accept e.g. a boost::query_string object with a consteval-only
>> constructor from a 'string_view' to enable compile-time inspection,
>> similar to (not-yet-)std::/fmt::basic_format_string
> This library targets C++11 and higher. Can this be achieved
> realistically in C++11?

I can't imagine a C++11 implementation of meaningful compile-time query
checking. C++11 and 'constexpr' is like a toddler at doing maths.

Please don't get me wrong - I appreciate every effort to improve the
library landscape. But if the bar is that low I have a hard time seeing
the benefit of this library given that sql11 has been out there for years.

>> * and optionally, as a second overload, accept e.g. a
>> boost::runtime_query_string which wraps a 'string_view' for queries
>> which are not known at compile time, similar to fmt::runtime
>>
>> With that in place, you can do magic as I know from my own explorations
>> of that design space.
>>
>> Ciao
>> Dani
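The two-overload design Dani sketches above, as an added example that is not from the review thread or from the MySQL library: a query_string that only CHECKED_QUERY can construct, with the text inspected while compiling, and a runtime_query_string that is only built through an explicit check. It is written against C++17, so constexpr functions plus static_assert stand in for the consteval-only constructor the message describes; the policy of what counts as acceptable query text is an assumption constructed for this example.

```cpp
#include <cassert>
#include <cstddef>
#include <optional>
#include <string_view>

// Constructed policy for the query *text* (never for bound values): '?' is the
// only placeholder, and quotes, separators, escapes and comment openers are out.
constexpr bool is_safe_query_text(std::string_view q) {
    if (q.empty()) return false;
    for (std::size_t i = 0; i < q.size(); ++i) {
        const char c = q[i];
        if (c == '\'' || c == '"' || c == '`' || c == ';' || c == '\\') return false;
        if (c == '-' && i + 1 < q.size() && q[i + 1] == '-') return false;
    }
    return true;
}

constexpr std::size_t count_placeholders(std::string_view q) {
    std::size_t n = 0;
    for (char c : q) n += (c == '?');
    return n;
}

// Query known at compile time: only CHECKED_QUERY can build one, and a policy
// violation is a compile error (C++17 stand-in for a consteval constructor).
struct query_string { std::string_view text; std::size_t placeholders; };
#define CHECKED_QUERY(lit)                                                 \
    ([] {                                                                  \
        static_assert(is_safe_query_text(lit), "unsafe query text: " lit); \
        return query_string{lit, count_placeholders(lit)};                 \
    }())

// Second overload for text assembled at run time: same policy, checked at run
// time, with an explicit failure path instead of a silent accept.
struct runtime_query_string { std::string_view text; std::size_t placeholders; };
std::optional<runtime_query_string> make_runtime_query(std::string_view q) {
    if (!is_safe_query_text(q)) return std::nullopt;
    return runtime_query_string{q, count_placeholders(q)};
}

int main() {
    const query_string q = CHECKED_QUERY("SELECT id FROM users WHERE email = ? AND active = ?");
    assert(q.placeholders == 2);
    assert(!make_runtime_query("SELECT id FROM users WHERE name = 'alice'"));  // literal belongs in a parameter
    assert(make_runtime_query("DELETE FROM sessions WHERE expires_at < ?")->placeholders == 1);
}
```

Replacing the literal in CHECKED_QUERY with one containing a quote makes the translation unit fail to compile, which is the whole point of the compile-time overload.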


Boost list run by bdawes at acm.org, gregod at cs.rpi.edu, cpdaniel at pacbell.net, john at johnmaddock.co.uk