SQL Injection in Rust; still possible?


Over the past few years I’ve been writing some of the backend applications in Rust, and I asked myself two questions:

  • can I still get SQL Injection in Rust?
  • what controls are in place to protect against it in SQLx?

In the Rust community, we say “Rust is secure”, but does that cover only memory-related bugs, or other security issues too? Let’s set up, test, and find out together whether Rust and SQLx have some tricks up their sleeves when it comes to protecting against SQL Injection.

Research Video

Setup

Source code:

Dependencies:

Documentation:

OWASP CheatSheet

As an objective of this research, I wanted to share this knowledge with the community, so I decided to share it with the OWASP CheatSheet project.

I created a Pull Request to the project and now it's merged, so all developers who are worried about how to use SQLx correctly and securely can use that resource.

Resources