1#pragma once
2
3#include <string>
4
5
6namespace DB
7{
8
9/** Passing arbitrary connection string to ODBC Driver Manager is insecure, for the following reasons:
10 * 1. Driver Manager like unixODBC has multiple bugs like buffer overflow.
11 * 2. Driver Manager can interpret some parameters as a path to library for dlopen or a file to read,
12 * thus allows arbitrary remote code execution.
13 *
14 * This function will throw exception if connection string has insecure parameters.
15 * It may also modify connection string to harden it.
16 *
17 * Note that it is intended for ANSI (not multibyte) variant of connection string.
18 */
19std::string validateODBCConnectionString(const std::string & connection_string);
20
21}
22