- Use `Caqti` with parameterized queries for database access — never interpolate user input into raw SQL strings.
- Use `Mirage_crypto` for cryptographic operations — never implement custom cipher or hashing routines.
- Validate and decode all external data at module boundaries using `Decoders` or `Jsonaf` with typed schema definitions.
- Store secrets in environment variables accessed via `Sys.getenv_opt` — reject startup if required secrets are absent.
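
An added example of the last rule, not code from the original list: required secrets are read with `Sys.getenv_opt` at startup, every missing name is reported at once before anything else runs, and values sit behind an abstract type so they cannot be formatted into a log line by accident. The variable names `APP_DB_PASSWORD` and `APP_JWT_KEY` and the 32-byte minimum are assumptions for illustration.

```ocaml
(* Added example (not from the page): fail-fast secret loading with an
   abstract type that keeps raw values out of printf-style diagnostics. *)

module Secret : sig
  type t
  val of_env : string -> (t, string) result
  val use : t -> (string -> 'a) -> 'a
end = struct
  type t = string

  (* Empty or whitespace-only values count as absent. *)
  let of_env name =
    match Sys.getenv_opt name with
    | Some v when String.trim v <> "" -> Ok v
    | _ -> Error name

  (* The only route to the raw value; no [to_string], so a [%s] cannot
     pick a secret up without going through this function on purpose. *)
  let use t f = f t
end

type config = {
  db_password : Secret.t;
  jwt_key : Secret.t;
}

(* Variable names are assumed for this example. Collect every missing
   name so the operator sees the whole list on one failed start. *)
let load_config () : (config, string list) result =
  let db_password = Secret.of_env "APP_DB_PASSWORD" in
  let jwt_key = Secret.of_env "APP_JWT_KEY" in
  match db_password, jwt_key with
  | Ok db_password, Ok jwt_key -> Ok { db_password; jwt_key }
  | a, b ->
      Error (List.filter_map (function Error n -> Some n | Ok _ -> None) [ a; b ])

let () =
  match load_config () with
  | Error missing ->
      (* Names only: secret values never appear in diagnostics. *)
      Printf.eprintf "fatal: missing required secrets: %s\n"
        (String.concat ", " missing);
      exit 2
  | Ok cfg ->
      (* Assumed policy: the signing key must be at least 32 bytes. Only a
         non-secret fact (the length) is derived from the value. *)
      Secret.use cfg.jwt_key (fun k ->
          if String.length k < 32 then (
            prerr_endline "fatal: APP_JWT_KEY must be at least 32 bytes";
            exit 2));
      ignore cfg.db_password;
      print_endline "config loaded"
```

Running without the variables set exits with status 2 and lists both names; with both set and a key of adequate length it prints `config loaded`.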