On Wed, Apr 13, 2011 at 1:49 PM, Greg Stein wrote:
> On Tue, Apr 12, 2011 at 18:19, Hyrum K Wright wrote:
>>...
>>> Yes, but the statement itself can be attacked if you manually build it. With
>>> static text, that is not possible. Attackers cannot alter the semantics in
>>> any way.
>>
>> I gues
On Tue, Apr 12, 2011 at 18:19, Hyrum K Wright wrote:
>...
>> Yes, but the statement itself can be attacked if you manually build it. With
>> static text, that is not possible. Attackers cannot alter the semantics in
>> any way.
>
> I guess I'm just dense, because I can't come up with a scenario in
Greg Stein writes:
> I understand, and would suggest an alternative if I had one right now. I
> feel the same as you about "not that rock, another".
I have an alternative, but I'm not going to claim it's better.
Use sqlite3_create_function to define a function foo that takes two
parameters, a s
On Tue, Apr 12, 2011 at 11:26 AM, Greg Stein wrote:
>...
>> >> > The whole idea behind static statements was to avoid SQL injection
>> >> > attacks.
>> >> > Allowing the *code* to construct statements opens us up.
>> >> >
>> >> > This is Not Good.
>> >>
>> >> This is still a prepared statement, ar
On Apr 12, 2011 9:27 AM, "Hyrum K Wright" wrote:
>
> On Tue, Apr 12, 2011 at 2:12 AM, Greg Stein wrote:
> >
> > On Apr 11, 2011 10:58 PM, "Hyrum K Wright"
wrote:
> >>
> >> On Mon, Apr 11, 2011 at 9:41 PM, Greg Stein wrote:
> >> > Woah. When did svn_sqlite__prepare arrive?
> >>
> >> $ svnd blame
When it comes down to it, a single voice *can* veto a technical choice. We
strive very hard to avoid that because of the many anti-social aspects, but
the point still holds true.
I have not seen anything yet that makes me go "oh, that should work great".
Instead, I see a direction in our code that
rsion.apache.org
>> Subject: Re: svn commit: r1091262 -
>> /subversion/trunk/subversion/libsvn_wc/wc_db.c
>
>
>> Changelists in IDEs are used a lot, for separating work. If you do a
>> major refactoring, touching say 2000 files, and you want those to be
>> par
> -Original Message-
> From: Johan Corveleyn [mailto:jcor...@gmail.com]
> Sent: dinsdag 12 april 2011 15:27
> To: Hyrum Wright
> Cc: C. Michael Pilato; Bert Huijben; Greg Stein; dev@subversion.apache.org
> Subject: Re: svn commit: r1091262 -
> /subversion/trunk
On 04/12/2011 09:14 AM, Hyrum Wright wrote:
> I'll revert this work sometime today.
Just in case it wasn't clear: I'm not suggesting that you unconditionally
revert. Others in the thread are able to evaluate the technical merits of
the approach you took in ways that currently I cannot. I'm real
On Tue, Apr 12, 2011 at 9:27 AM, Hyrum K Wright wrote:
>> Not sure. Maybe we can work through some ideas. But "we have no other
>> choice" is not a good enough reason to keep this. That is an even worse
>> slope to slide down. Doing things simply because they are "convenient".
>
> The general con
On Tue, Apr 12, 2011 at 2:12 AM, Greg Stein wrote:
>
> On Apr 11, 2011 10:58 PM, "Hyrum K Wright" wrote:
>>
>> On Mon, Apr 11, 2011 at 9:41 PM, Greg Stein wrote:
>> > Woah. When did svn_sqlite__prepare arrive?
>>
>> $ svnd blame subversion/libsvn_subr/sqlite.c | grep svn_sqlite__prepare
>> 87545
On Tue, Apr 12, 2011 at 3:14 PM, Hyrum Wright wrote:
> On Tue, Apr 12, 2011 at 8:00 AM, C. Michael Pilato
> wrote:
>>> You are looking at changelists as a way to learn how to move operations into
>>> wc_db properly, but just like that temp table for notifications I don't see
>>> this as the way
On Tue, Apr 12, 2011 at 8:00 AM, C. Michael Pilato wrote:
>> You are looking at changelists as a way to learn how to move operations into
>> wc_db properly, but just like that temp table for notifications I don't see
>> this as the way to go forward.
>>
>> I really don't see why users want to add
> You are looking at changelists as a way to learn how to move operations into
> wc_db properly, but just like that temp table for notifications I don't see
> this as the way to go forward.
>
> I really don't see why users want to add thousands of nodes to changelists
> while we still don't suppor
> -Original Message-
> From: Greg Stein [mailto:gst...@gmail.com]
> Sent: dinsdag 12 april 2011 4:41
> To: dev@subversion.apache.org
> Subject: Re: svn commit: r1091262 -
> /subversion/trunk/subversion/libsvn_wc/wc_db.c
>
> Woah. When did svn_sqlite__prepare ar
On Apr 11, 2011 10:58 PM, "Hyrum K Wright" wrote:
>
> On Mon, Apr 11, 2011 at 9:41 PM, Greg Stein wrote:
> > Woah. When did svn_sqlite__prepare arrive?
>
> $ svnd blame subversion/libsvn_subr/sqlite.c | grep svn_sqlite__prepare
> 875453hwright
> SVN_ERR(svn_sqlite__prepare(&db->prepared_stmts
On Mon, Apr 11, 2011 at 9:41 PM, Greg Stein wrote:
> Woah. When did svn_sqlite__prepare arrive?
$ svnd blame subversion/libsvn_subr/sqlite.c | grep svn_sqlite__prepare
875453hwright
SVN_ERR(svn_sqlite__prepare(&db->prepared_stmts[stmt_idx], db,
873188 gstein svn_sqlite__prepare(svn_sqlite
The function has existed for a long time, but remained unused, AFAIK. I
don't think it should be, and it should be switched to file-private.
On Apr 11, 2011 10:41 PM, "Greg Stein" wrote:
> Woah. When did svn_sqlite__prepare arrive?
>
> I'm basically -1 on that.
>
> The whole idea behind static sta
Woah. When did svn_sqlite__prepare arrive?
I'm basically -1 on that.
The whole idea behind static statements was to avoid SQL injection attacks.
Allowing the *code* to construct statements opens us up.
This is Not Good.
On Apr 11, 2011 8:31 PM, wrote:
> Author: hwright
> Date: Tue Apr 12 00:31: