Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

proposal: database/sql: eliminate sql injection, by force #66196

Closed
SoniEx2 opened this issue Mar 8, 2024 · 1 comment
Closed

proposal: database/sql: eliminate sql injection, by force #66196

SoniEx2 opened this issue Mar 8, 2024 · 1 comment
Labels
Proposal
Milestone
Proposal

Comments

@SoniEx2
Copy link

SoniEx2 commented Mar 8, 2024

Proposal Details

there has been an article about google's efforts to move to secure-by-design languages and libraries. one of the points it raises is about the query API being happy to accept strings (and, consequently, string interpolation).

the simplest solution is to make it use bundled resources instead. this means the package would include static assets consisting of sql script/query files, and the query API would take a reference to them. importantly, this outright forbids string interpolation.
@gopherbot gopherbot added this to the Proposal milestone Mar 8, 2024
@seankhliao
Copy link
Member

Duplicate of #64314

@seankhliao seankhliao marked this as a duplicate of #64314 Mar 8, 2024
@seankhliao seankhliao closed this as not planned Won't fix, can't repro, duplicate, stale Mar 8, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Proposal
Projects
None yet
Milestone
Proposal
Development

No branches or pull requests
3 participants
@SoniEx2 @gopherbot @seankhliao