Tony Arcieri
2014-09-21 06:29:21 UTC
Traditionally in Rust, "unsafe" has centered around memory safety. The
reference manual describes it as such:
http://doc.rust-lang.org/rust.html#unsafety
At Strange Loop, during Chris Morgan's talk, someone asked about using the
type system to prevent SQL injection after he described using the type
system to handle escaping.
He suggested using unsafe to call out when a SQL query is being made with a
raw string.
On the one hand I really liked the clarity of calling out passing a raw
string to a SQL driver as being inherently unsafe, but on the other hand it
seems to be semantically different from Rust's traditional sense of what's
unsafe.
Is it ok to extend unsafe to things which are unsafe from a security
standpoint, or is this conflating concerns?
Should there be a standard way to express things which are potentially
unsafe from a security standpoint but not necessarily from a memory safety
standpoint?
I think something like that would be pretty cool. "insecure" ? ;)
--
Tony Arcieri
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.mozilla.org/pipermail/rust-dev/attachments/20140921/74d97b62/attachment.html>
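One way to realize the idea raised in the post, as an added example that is not code from the post, from Chris Morgan's talk, or from any real Rust SQL driver: a `Query` newtype whose only safe constructor takes a `'static` template plus already-escaped parameters, while building a query from a raw `String` is an `unsafe fn`, so raw-string queries stand out in review. The `escape` routine and the whole API are hypothetical and deliberately simplified.

```rust
/// SQL text that is trusted by construction (added example, hypothetical API).
#[derive(Debug, Clone, PartialEq)]
pub struct Query(String);

/// A value already escaped and quoted for use inside a SQL statement.
#[derive(Debug, Clone, PartialEq)]
pub struct Escaped(String);

/// Simplified quoting: wrap in single quotes, double embedded quotes,
/// reject NUL bytes (real drivers do more; this is illustrative only).
pub fn escape(input: &str) -> Option<Escaped> {
    if input.contains('\0') {
        return None;
    }
    let body = input.replace('\'', "''");
    Some(Escaped(format!("'{}'", body)))
}

impl Query {
    /// Safe path: a `'static` template (so it must be a literal, not
    /// user data) whose `?` slots are filled only with `Escaped` values.
    pub fn build(template: &'static str, params: &[Escaped]) -> Result<Query, String> {
        let pieces: Vec<&str> = template.split('?').collect();
        if pieces.len() != params.len() + 1 {
            return Err(format!("template has {} placeholders, got {} params", pieces.len() - 1, params.len()));
        }
        let mut sql = String::new();
        for (i, piece) in pieces.iter().enumerate() {
            sql.push_str(piece);
            if let Some(p) = params.get(i) {
                sql.push_str(&p.0);
            }
        }
        Ok(Query(sql))
    }

    /// Escape hatch: the caller vouches that `sql` contains no untrusted
    /// input. Marked `unsafe` so every raw-string query is visible in
    /// review and greppable, which is the convention the post discusses.
    pub unsafe fn from_raw(sql: String) -> Query {
        Query(sql)
    }

    pub fn as_sql(&self) -> &str {
        &self.0
    }
}
```

Because `from_raw` is `unsafe`, every call site must sit in an `unsafe` block, which is exactly the audit marker the post is asking about, even though no memory safety is at stake.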