alexedwards / scs

HTTP Session Management for Go
MIT License

feat: Add Godror compatible driver #185

Open chayes3 opened 8 months ago

chayes3 commented 8 months ago

Implement a store utilizing the godror module.

alexedwards commented 8 months ago

I'm afraid that I can't merge this --- it's vulnerable to SQL injection attacks (the session token is passed through direct from the untrusted session cookie).

Is it possible to rewrite the SQL queries to use placeholder parameters?

chayes3 commented 8 months ago

Thank you for pointing that out, I didn't realize I created an SQL injection. I believe I have fixed it with the latest commit. Please let me know if there is anything else I can improve.
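Added example (not code from this pull request or from scs): what a driver receives when the session token is concatenated into the query versus bound to a placeholder. The `recorder` driver, the `sessions`/`token`/`data` names, the Oracle-style `:1` placeholder and the sample cookie value are assumptions made for illustration.

```go
package main

import (
	"context"
	"database/sql"
	"database/sql/driver"
	"fmt"
	"io"
)

// seen is what reaches the driver: SQL text and bind values travel separately.
type seen struct { SQL string; Args []driver.NamedValue }

// recorder is a constructed stand-in for the godror driver so this runs offline.
type recorder struct{ last seen }

func (r *recorder) Connect(context.Context) (driver.Conn, error) { return r, nil }
func (r *recorder) Driver() driver.Driver                        { return nil }
func (r *recorder) Prepare(string) (driver.Stmt, error)          { return nil, driver.ErrSkip }
func (r *recorder) Begin() (driver.Tx, error)                    { return nil, driver.ErrSkip }
func (r *recorder) Close() error                                 { return nil }
func (r *recorder) QueryContext(_ context.Context, q string, a []driver.NamedValue) (driver.Rows, error) {
	r.last = seen{q, a}
	return noRows{}, nil
}

type noRows struct{}
func (noRows) Columns() []string         { return []string{"data"} }
func (noRows) Close() error              { return nil }
func (noRows) Next([]driver.Value) error { return io.EOF }

// observe runs both lookup styles and returns what the driver received for each.
// Scan errors (no rows) are ignored: only the driver's view matters here.
func observe(token string) (concat, bound seen) {
	rec := &recorder{}
	db := sql.OpenDB(rec)
	defer db.Close()
	var data []byte
	// Rejected pattern: the cookie value becomes part of the SQL text.
	db.QueryRow("SELECT data FROM sessions WHERE token = '" + token + "'").Scan(&data)
	concat = rec.last
	// Placeholder: constant SQL text, token sent as bind value :1.
	db.QueryRow("SELECT data FROM sessions WHERE token = :1", token).Scan(&data)
	bound = rec.last
	return concat, bound
}

func main() {
	c, b := observe("x' OR '1'='1") // constructed hostile cookie value
	fmt.Printf("concatenated: %q args=%d\nplaceholder:  %q args=%d (%q)\n", c.SQL, len(c.Args), b.SQL, len(b.Args), b.Args[0].Value)
}
```

With the placeholder form the statement text is identical for every request, so a review or a test can check it as a constant.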