
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

It seems to be a recurring problem that, in designing secure server-side software, it is difficult to distinguish between variables containing trusted and untrusted input. I would propose the addition of a library to Boost that attempts to alleviate these kinds of issues by providing a template for "trusted types," as well as methods that can be marked as requiring trusted input. For instance:

    boost::trust::trusted<std::string> ts;
    cin >> ts;
    cout << ts.trusted(); // returns false
    escape_string(ts);
    cout << ts.trusted(); // returns true
    foo(ts);

where foo() would have a prototype looking like:

    void foo(boost::trust::trusted<std::string, MUST_TRUST> str);

I have not written any actual code to back up this idea, but rather wanted to propose the idea to the list first. The idea for how this would work hinges on trusted<T> offering two casting operators: one to const T and one to T. Any use of the non-const cast would result in the trust flag being set to untrusted.

If anyone is interested, please let me know. Thanks.

- --Christopher Granade

Note: Sorry if this post is received twice. The first didn't seem to go through.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.3 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org

iD8DBQFEduB70dXuuZr00J4RAgpCAKCO1z4OByvzRUc5oiVAKxfSH/2WOQCgpQM/
IUmUZl7us1on2N1kIPW8BRk=
=CX5j
-----END PGP SIGNATURE-----
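The following is an added sketch, written here to illustrate the wrapper the post describes; it is not code from the post's author and not part of Boost. It assumes a hypothetical namespace trust_sketch, names the query is_trusted() (a member cannot share its class's name, so the post's ts.trusted() is renamed), enforces MUST_TRUST as a runtime check in a converting constructor rather than at compile time, gives escape_string a minimal HTML-escaping body, and uses render() in place of the post's foo(). The sample input is constructed. The two conversion operators follow the post's rule: the const cast leaves the flag alone, the non-const cast revokes trust.

```cpp
#include <iostream>
#include <sstream>
#include <stdexcept>
#include <string>

namespace trust_sketch {   // hypothetical namespace, not boost::trust

enum trust_policy { MAY_UNTRUST, MUST_TRUST };

template <typename T, trust_policy P = MAY_UNTRUST>
class trusted {
public:
    trusted() : value_(), trusted_(false) {}

    // A MUST_TRUST wrapper can only be built from a value whose flag is already
    // set; passing unescaped input is an error instead of silently "working".
    trusted(const trusted<T, MAY_UNTRUST>& other)
        : value_(other.peek()), trusted_(other.is_trusted()) {
        if (P == MUST_TRUST && !trusted_)
            throw std::logic_error("untrusted value passed where MUST_TRUST is required");
    }

    bool is_trusted() const { return trusted_; }

    // Const cast: read-only access leaves the flag unchanged.
    operator const T&() const { return value_; }
    const T& peek() const { return value_; }

    // Non-const cast: a mutable reference lets the value change behind our back,
    // so trust is revoked (the post's central idea).
    operator T&() { trusted_ = false; return value_; }

    // Only validation/escaping routines should call this.
    void mark_trusted() { trusted_ = true; }

private:
    T value_;
    bool trusted_;
};

// Fresh input is untrusted by construction: reading goes through the mutable cast.
template <typename T>
std::istream& operator>>(std::istream& in, trusted<T>& t) {
    T& raw = t;
    return in >> raw;
}

// Minimal HTML escaping; the escaped form is then marked as safe to emit.
inline void escape_string(trusted<std::string>& s) {
    std::string& raw = s;          // trust drops while the value is rewritten
    std::string out;
    for (char c : raw) {
        switch (c) {
            case '<':  out += "&lt;";   break;
            case '>':  out += "&gt;";   break;
            case '&':  out += "&amp;";  break;
            case '"':  out += "&quot;"; break;
            default:   out += c;
        }
    }
    raw = out;
    s.mark_trusted();
}

// Sink that accepts only trusted input, standing in for the post's foo().
inline std::string render(trusted<std::string, MUST_TRUST> str) {
    return "<p>" + str.peek() + "</p>";
}

struct demo_result {
    bool after_read;
    bool must_trust_rejected;
    bool after_escape;
    bool after_mutable_cast;
    std::string rendered;
};

// Walks the post's scenario and records the trust flag at each step.
inline demo_result run_demo() {
    demo_result r;
    std::istringstream fake_cin("<script>alert(1)</script>");  // constructed input
    trusted<std::string> ts;
    fake_cin >> ts;
    r.after_read = ts.is_trusted();                 // false: raw input
    bool rejected = false;
    try { render(ts); } catch (const std::logic_error&) { rejected = true; }
    r.must_trust_rejected = rejected;               // true: sink refused raw input
    escape_string(ts);
    r.after_escape = ts.is_trusted();               // true: escaped
    r.rendered = render(ts);                        // accepted now
    std::string& mutable_view = ts;                 // non-const cast revokes trust
    (void)mutable_view;
    r.after_mutable_cast = ts.is_trusted();         // false again
    return r;
}

} // namespace trust_sketch

int main() {
    trust_sketch::demo_result r = trust_sketch::run_demo();
    std::cout << r.rendered << '\n';
    return (!r.after_read && r.must_trust_rejected && r.after_escape && !r.after_mutable_cast) ? 0 : 1;
}
```

The check in the MUST_TRUST constructor is a runtime guard, which is the limit of what a trust flag tracked at runtime can offer; the point of the wrapper is that the only way to get raw input into a MUST_TRUST sink is through a routine that explicitly calls mark_trusted(), so code review can concentrate on those few routines.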