On 21/09/14 02:29 AM, Tony Arcieri wrote:
> Traditionally in Rust, "unsafe" has centered around memory safety. The
> reference manual describes it as such:
>
> http://doc.rust-lang.org/rust.html#unsafety
>
> At Strange Loop, during Chris Morgan's talk, someone asked about using
> the type system to prevent SQL injection after he described using the
> type system to handle escaping.
>
> He suggested using unsafe to call out when a SQL query is being made
> with a raw string.
>
> On the one hand I really liked the clarity of calling out passing a raw
> string to a SQL driver as being inherently unsafe, but on the other hand
> it seems to be semantically different from Rust's traditional sense of
> what's unsafe.
>
> Is it ok to extend unsafe to things which are unsafe from a security
> standpoint, or is this conflating concerns?
>
> Should there be a standard way to express things which are potentially
> unsafe from a security standpoint but not necessarily from a memory
> safety standpoint?
>
> I think something like that would be pretty cool. "insecure" ? ;)
>
> --
> Tony Arcieri
It's not intended to be used for anything other than memory safety. The requirements are the same across all libraries / applications. It's not possible to represent the semantics of 'insecure' in the language as that's very poorly defined and varies across domains and libraries.
_______________________________________________
Rust-dev mailing list
[email protected]
https://mail.mozilla.org/listinfo/rust-dev
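The alternative the reply points at, expressing "a raw string reached the driver" through the type system rather than through `unsafe`, as an added example that is not from this thread, from Chris Morgan's talk, or from any Rust SQL library. The names `Query`, `QueryBuilder`, `unchecked_raw` and `execute` are hypothetical; `escape_literal` is a toy single-quote doubling standing in for a real driver's parameter binding. The point it makes: `Query::literal` accepts only `&'static str`, so runtime strings cannot reach it; `QueryBuilder` escapes bound values; the one escape hatch is an ordinary, greppable function, not an `unsafe` block, because no memory-safety contract is involved.

```rust
// Added example: a newtype that makes "raw string goes to the SQL driver"
// explicit at the type level instead of repurposing `unsafe` for it.
// No real database driver is used; `escape_literal` is a toy for illustration.

/// A query string the type system vouches for: either a compile-time literal
/// or something built through `QueryBuilder`, which escapes bound values.
#[derive(Debug, Clone, PartialEq)]
pub struct Query(String);

impl Query {
    /// Only `&'static str` is accepted, so a value assembled at runtime from
    /// user input cannot be passed here.
    pub fn literal(sql: &'static str) -> Query {
        Query(sql.to_string())
    }

    /// The explicit escape hatch. It is named for what it is (unchecked), not
    /// marked `unsafe`: the memory-safety contract of `unsafe` is not what is
    /// at stake, and reviewers can grep for every caller.
    pub fn unchecked_raw(sql: String) -> Query {
        Query(sql)
    }

    pub fn as_str(&self) -> &str {
        &self.0
    }
}

/// Toy escaping for a SQL string literal: wrap in single quotes and double any
/// embedded single quote. Real code binds parameters through the driver.
pub fn escape_literal(value: &str) -> String {
    let mut out = String::with_capacity(value.len() + 2);
    out.push('\'');
    for c in value.chars() {
        if c == '\'' {
            out.push('\'');
        }
        out.push(c);
    }
    out.push('\'');
    out
}

/// Builds a query from a `&'static str` template with `?` placeholders and
/// runtime values, escaping each value as it is substituted.
pub struct QueryBuilder {
    template: &'static str,
    params: Vec<String>,
}

impl QueryBuilder {
    pub fn new(template: &'static str) -> Self {
        QueryBuilder { template, params: Vec::new() }
    }

    pub fn bind(mut self, value: &str) -> Self {
        self.params.push(escape_literal(value));
        self
    }

    /// Placeholders are counted in the template only, so a `?` inside a bound
    /// value is never mistaken for one; a count mismatch is an error.
    pub fn build(self) -> Result<Query, String> {
        let placeholders = self.template.matches('?').count();
        if placeholders != self.params.len() {
            return Err(format!(
                "template has {} placeholders but {} values were bound",
                placeholders,
                self.params.len()
            ));
        }
        let mut sql = String::new();
        let mut params = self.params.into_iter();
        for c in self.template.chars() {
            if c == '?' {
                sql.push_str(&params.next().unwrap());
            } else {
                sql.push(c);
            }
        }
        Ok(Query(sql))
    }
}

/// Stand-in for the driver entry point: it accepts only `Query`, never a
/// bare `&str` or `String`, so an unescaped runtime string is a type error.
pub fn execute(q: &Query) -> String {
    format!("executing: {}", q.as_str())
}

fn main() {
    let user_input = "O'Brien'; DROP TABLE users; --"; // constructed sample input
    let q = QueryBuilder::new("SELECT * FROM users WHERE name = ?")
        .bind(user_input)
        .build()
        .unwrap();
    println!("{}", execute(&q));
    // execute(&format!("... {}", user_input)) does not compile: no raw strings.
}
```

The distinction from the thread is visible in the code: nothing here is "unsafe" in the Rust sense, yet the insecure path is still a single, clearly named function, which is about as much as a library can promise given that "insecure" means something different to every driver.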
