| 1 | #pragma once |
| 2 | |
| 3 | #include <string> |
| 4 | |
| 5 | |
| 6 | namespace DB |
| 7 | { |
| 8 | |
| 9 | /** Passing an arbitrary connection string to the ODBC Driver Manager is insecure, for the following reasons: |
| 10 | * 1. Driver Managers such as unixODBC have multiple bugs, such as buffer overflows. |
| 11 | * 2. The Driver Manager can interpret some parameters as a path to a library for dlopen or as a file to read, |
| 12 | * which allows arbitrary remote code execution. |
| 13 | * |
| 14 | * This function throws an exception if the connection string has insecure parameters. |
| 15 | * It may also modify the connection string to harden it. The argument is taken by const reference, so a hardened string can only come back as the return value: pass the returned string, not the original input, to the Driver Manager. |
| 16 | * |
| 17 | * Note that it is intended for the ANSI (not multibyte) variant of the connection string; strings in other encodings should not be assumed to be covered by these checks. |
| 18 | */ |
| 19 | std::string validateODBCConnectionString(const std::string & connection_string); |
| 20 | |
| 21 | } |
| 22 | |