microsoft
diff --git a/‎mssql_python/connection.py‎
Lines changed: 22 additions & 5 deletions b/‎mssql_python/connection.py‎
Lines changed: 22 additions & 5 deletions
diff --git a/‎mssql_python/pybind/ddbc_bindings.cpp‎
Lines changed: 16 additions & 61 deletions b/‎mssql_python/pybind/ddbc_bindings.cpp‎
Lines changed: 16 additions & 61 deletions
@@ -56,18 +56,35 @@
 
 def _validate_encoding(encoding: str) -> bool:
     """
-    Cached encoding validation using codecs.lookup().
-
+    Validate encoding name for security and correctness.
+    
+    This function performs two-layer validation:
+    1. Security check: Ensures only safe characters are in the encoding name
+    2. Codec check: Verifies it's a valid Python codec
+    
     Args:
         encoding (str): The encoding name to validate.
 
     Returns:
-        bool: True if encoding is valid, False otherwise.
+        bool: True if encoding is valid and safe, False otherwise.
 
     Note:
-        Uses LRU cache to avoid repeated expensive codecs.lookup() calls.
-        Cache size is limited to 128 entries which should cover most use cases.
+        Rejects encodings with:
+        - Empty or too long names (>100 chars)
+        - Suspicious characters (only alphanumeric, hyphen, underscore, dot allowed)
+        - Invalid Python codecs
     """
+    # Security validation: Check length and characters
+    if not encoding or len(encoding) > 100:
+        return False
+    
+    # Only allow safe characters in encoding names
+    # Valid codec names contain: letters, numbers, hyphens, underscores, dots
+    for char in encoding:
+        if not (char.isalnum() or char in ('-', '_', '.')):
+            return False
+    
+    # Verify it's a valid Python codec
     try:
         codecs.lookup(encoding)
         return True
 
@@ -181,84 +181,39 @@ SQLTablesFunc SQLTables_ptr = nullptr;
 SQLDescribeParamFunc SQLDescribeParam_ptr = nullptr;
 
 
-// Encoding function with fallback strategy
-static py::bytes EncodingString(const std::string& text, const std::string& encoding, const std::string& errors = "strict") {
+// Encoding String
+static py::bytes EncodingString(const std::string& text, 
+                                const std::string& encoding, 
+                                const std::string& errors = "strict") {
     try {
         py::gil_scoped_acquire gil;
-        
-        // Create unicode string from input text
         py::str unicode_str = py::str(text);
 
-        // Encoding strategy: try the specified encoding first,
-        // but fallback to latin-1 for Western European characters if UTF-8 fails
-        if (encoding == "utf-8" && errors == "strict") {
-            try {
-                // Try UTF-8 first
-                py::bytes encoded = unicode_str.attr("encode")(encoding, "strict");
-                return encoded;
-            } catch (const py::error_already_set&) {
-                // UTF-8 failed, try latin-1 for Western European characters
-                try {
-                    py::bytes encoded = unicode_str.attr("encode")("latin-1", "strict");
-                    LOG("EncodingString: UTF-8 failed, successfully encoded with latin-1 fallback for {} characters", text.length());
-                    return encoded;
-                } catch (const py::error_already_set&) {
-                    // Both failed, use original approach with error handling
-                    py::bytes encoded = unicode_str.attr("encode")(encoding, errors);
-                    return encoded;
-                }
-            }
-        } else {
-            // Use specified encoding directly for non-UTF-8 or non-strict cases
-            py::bytes encoded = unicode_str.attr("encode")(encoding, errors);
-            return encoded;
-        }
+        // Direct encoding - let Python handle errors strictly
+        py::bytes encoded = unicode_str.attr("encode")(encoding, errors);
+        return encoded;
 
     } catch (const py::error_already_set& e) {
-        // Re-raise Python exceptions as C++ exceptions
+        // Re-raise Python exceptions (UnicodeEncodeError, etc.)
         throw std::runtime_error("Encoding failed: " + std::string(e.what()));
-    } catch (const std::exception& e) {
-        throw std::runtime_error("Encoding error: " + std::string(e.what()));
     }
 }
 
-static py::str DecodingString(const char* data, size_t length, const std::string& encoding, const std::string& errors = "strict") {
+// Decoding String
+static py::str DecodingString(const char* data, size_t length,
+                              const std::string& encoding, 
+                              const std::string& errors = "strict") {
     try {
         py::gil_scoped_acquire gil;
-        
-        // Create bytes object from input data
         py::bytes byte_data = py::bytes(std::string(data, length));
 
-        // Decoding strategy: try the specified encoding first,
-        // but fallback to latin-1 for Western European characters if UTF-8 fails
-        if (encoding == "utf-8" && errors == "strict") {
-            try {
-                // Try UTF-8 first
-                py::str decoded = byte_data.attr("decode")(encoding, "strict");
-                return decoded;
-            } catch (const py::error_already_set&) {
-                // UTF-8 failed, try latin-1 for Western European characters
-                try {
-                    py::str decoded = byte_data.attr("decode")("latin-1", "strict");
-                    LOG("DecodingString: UTF-8 failed, successfully decoded with latin-1 fallback for {} bytes", length);
-                    return decoded;
-                } catch (const py::error_already_set&) {
-                    // Both failed, use original approach with error handling
-                    py::str decoded = byte_data.attr("decode")(encoding, errors);
-                    return decoded;
-                }
-            }
-        } else {
-            // Use specified encoding directly for non-UTF-8 or non-strict cases
-            py::str decoded = byte_data.attr("decode")(encoding, errors);
-            return decoded;
-        }
+        // Direct decoding - let Python handle errors strictly
+        py::str decoded = byte_data.attr("decode")(encoding, errors);
+        return decoded;
 
     } catch (const py::error_already_set& e) {
-        // Re-raise Python exceptions as C++ exceptions  
+        // Re-raise Python exceptions (UnicodeDecodeError, etc.)
         throw std::runtime_error("Decoding failed: " + std::string(e.what()));
-    } catch (const std::exception& e) {
-        throw std::runtime_error("Decoding error: " + std::string(e.what()));
     }
 }