Erlend E. Aasland <erlend.aasl...@innova.no> added the comment:
Steve, do you think it is worth it adding an audit hook for setting connection
limits?
Most of the limits are harmless, but limits that control recursion are more
interesting.
SQLITE_LIMIT_EXPR_DEPTH:
Maximum Depth Of An Expression Tree
SQLite parses expressions into a tree for processing. During code
generation, SQLite walks this tree recursively. The depth of expression
trees is therefore limited in order to avoid using too much stack space.
[...] If the value is 0, then no limit is enforced.
SQLITE_LIMIT_TRIGGER_DEPTH:
Maximum Depth Of Trigger Recursion
SQLite limits the depth of recursion of triggers in order to prevent a
statement involving recursive triggers from using an unbounded amount of
memory.
Note also, how the SQLite docs talk about SQLITE_LIMIT_LENGTH:
Maximum length of a string or BLOB
[...] In security-sensitive applications it is best not to try to increase
the maximum string and blob length. In fact, you might do well to lower
the maximum string and blob length to something more in the range of a few
million if that is possible.
----------
nosy: +steve.dower
_______________________________________
Python tracker <rep...@bugs.python.org>
<https://bugs.python.org/issue45243>
_______________________________________
_______________________________________________
Python-bugs-list mailing list
Unsubscribe:
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
