
Hi, Soni

Interesting idea. Sure does appear to be low-hanging fruit. But I'm not sure anybody who matters is still listening here. Either a merge request or posting on the relevant Discourse channel is more likely to attract interest.

Steve

Soni L. writes:

We would like to propose the following improvements to DB-API 2.0 that would require bumping it up to DB-API 3.0:

- Get rid of SQL strings
- Get rid of SQL strings
- Use package resources to store what would otherwise be SQL strings

While we cannot prevent someone from going out of their way to define package resources at runtime just so they can implement SQL injection, ultimately the goal is to provide a small speed bump so they don't feel so inclined to jump straight into SQL injection before trying to do easier, more secure things.

_______________________________________________
Python-ideas mailing list -- python-ideas@python.org
Message archived at https://mail.python.org/archives/list/python-ideas@python.org/message/STPNEL...