sqlstring
sqlstring | sqlstring |
---|---|
1 | 1 |
391 | 1 |
0.0% | - |
0.0 | 3.8 |
about 2 years ago | about 2 years ago |
JavaScript | JavaScript |
MIT License | MIT License |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
sqlstring
-
Finding an Authorization Bypass on My Own Website
As a security professional, I was horrified to find out that the maintainers don't consider this a security issue, though they did promise to take this seriously and change the API when they were made aware of it in 2014 (https://github.com/mysqljs/mysql/issues/731).
So I bumped an issue, noting this is all over HN, and offered to write a pull request for the API change proposed by the maintainers:
https://github.com/mysqljs/sqlstring/issues/60
Doug agreed to accept such a request, so I just sat down to figure out the code and a reasonable upgrade plan.
Three hours later, I proudly wrote Doug this email (pasting it here because the issue and codebase are locked to non-contributors so I had to send it via email):
OK, I have a draft pull request ready. Of course, it's a big change and I expect to get a lot of feedback and have a few rounds of back and forth and fixups before it is accepted.
This is the plan as I envision it:
* Release SqlString 3.0.0 that has a new allowObjectValues parameter defaulting to false. This is a new major, so it shouldn't break anybody's code.
* Release mysqljs 3.0 that changes the default and removes the deprecation warning, so new projects get a sane default.
This involves, of course, changes to two repositories, so here they are (I can't open pull requests because I have not contributed in the past):
https://github.com/SonOfLilit/sqlstring
What are some alternatives?
go-sql-driver/mysql - Go MySQL Driver is a MySQL driver for Go's (golang) database/sql package
MySqlConnector - MySQL Connector for .NET
Strapi - 🚀 Strapi is the leading open-source headless CMS. It’s 100% JavaScript/TypeScript, fully customizable and developer-first.
MySQL - A pure node.js JavaScript Client implementing the MySQL protocol.