[sr-dev] sql column type check

Jasmin Schnatterbeck js at data-cmr.net
Wed Sep 21 10:39:51 CEST 2011


juha,

well, bad things will happen, if there are really wrong values in the
database...

kamailio functions (even from different modules) "trust" each other,
they don't always carefully check every input argument. That would add
complexity (and therefore possible bugs) as well as it would cost cpu
time.

So why don't we trust values in database?

I think it's much more efficient if values are checked before they are
written to database. That would mean one "check" for each value -
opposing to many more checks that would occur, if kamailio checks values
every time it reads them from the database...

But that's my perspective only. I think there are also really valid
reasons to check every time a value is being fetched from DB - it adds a
layer of security and stability.

So if a server-wide parameter "skip db value type checks" exists, the
kamailio user will be able to choose the preferred model....

Or a int parameter for different levels of security, for different type
of data (auth_db data changes frequently/is modified by end-users (lower
security level required to bypass checks), lcr data is changed by
employees only (higher security level sufficient to bypass checks)).

jasmin

Am Mittwoch, den 21.09.2011, 11:04 +0300 schrieb Juha Heinanen:
> jasmin,
> 
> are you suggesting that all VAL_TYPE tests that test type of value
> received from db column are removed?
> 
> if so, what if column really has wrong type in database?  are you sure
> that no bad things will happen?
> 
> -- juha
> 
> _______________________________________________
> sr-dev mailing list
> sr-dev at lists.sip-router.org
> http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-dev





More information about the sr-dev mailing list