It seems natural to conflate memory (the uses of which "unsafe" refers
to) and types.

It might make sense to extend the terminology to types: perhaps
"bottom" could express a similar thing: that beyond which the compiler
is uncertain.

However, if we tried to extend this terminology directly into
higher-level statements like "secure" vs. "insecure", unless there's
actually a way to define requirements and get a compiler to prove a
program with a bunch of SQL queries is secure, I'm not comfortable
giving devs. a tool with which to lie to themselves.  :D

Kevin

On Fri, Oct 3, 2014 at 3:56 AM, Florian Weimer <f...@deneb.enyo.de> wrote:
>
> * Matthieu Monrocq:
>
> > If a method requires a SQL-safe string... ah no, don't do that, use
> > bind-parameters and you are guaranteed to be sql-injection safe.
>
> Sometimes, SQL queries (with parameter placeholders) are loaded from
> configuration files, and such operations look unsafe from the point of
> view of most (reasonable) type systems.
_______________________________________________
Rust-dev mailing list
Rust-dev@mozilla.org
https://mail.mozilla.org/listinfo/rust-dev
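The distinction Matthieu and Florian are drawing, as an added Rust sketch that is not from the thread: SQL text and bound parameters are separate types, user data can only enter through the parameter list, and a template loaded from a configuration file goes through a constructor whose name records the trust decision the type system cannot make for you. `Template`, `Prepared` and `prepare` are my own names; no database driver is involved, the prepared statement is just modelled as (text, params).

```rust
/// SQL text with `?` placeholders. The private field means the only ways to
/// obtain one are the two constructors below. Illustrative code, not from
/// the thread.
#[derive(Debug, PartialEq)]
pub struct Template(String);

impl Template {
    /// A literal baked into the binary: `&'static str` is the compiler's way
    /// of saying this text did not come from runtime input.
    pub fn literal(sql: &'static str) -> Template {
        Template(sql.to_string())
    }

    /// Text read from a configuration file. Nothing about the type proves it
    /// is benign; the name makes the trust decision visible at the call site
    /// (Florian's point: this is what "looks unsafe" to a type system).
    pub fn trusted_from_config(sql: &str) -> Template {
        Template(sql.to_string())
    }

    pub fn placeholders(&self) -> usize {
        self.0.matches('?').count()
    }
}

/// A prepared statement: the text and the parameters travel separately, so
/// a parameter value is never spliced into the SQL (Matthieu's point).
#[derive(Debug, PartialEq)]
pub struct Prepared {
    pub sql: String,
    pub params: Vec<String>,
}

/// Bind `params` to `t`. The only check the types cannot express is that the
/// placeholder count matches, so it is done here at bind time.
pub fn prepare(t: &Template, params: &[&str]) -> Result<Prepared, String> {
    let want = t.placeholders();
    if want != params.len() {
        return Err(format!("template has {} placeholders, got {} params", want, params.len()));
    }
    Ok(Prepared {
        sql: t.0.clone(),
        params: params.iter().map(|p| p.to_string()).collect(),
    })
}

fn main() {
    // Constructed inputs: a literal template and a value containing a quote.
    let tpl = Template::literal("SELECT id FROM users WHERE name = ?");
    println!("{:?}", prepare(&tpl, &["o'brien"]));
}
```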