Erlend E. Aasland <erlend.aasl...@innova.no> added the comment:
Steve, do you think it is worth it adding an audit hook for setting connection limits? Most of the limits are harmless, but limits that control recursion are more interesting. SQLITE_LIMIT_EXPR_DEPTH: Maximum Depth Of An Expression Tree SQLite parses expressions into a tree for processing. During code generation, SQLite walks this tree recursively. The depth of expression trees is therefore limited in order to avoid using too much stack space. [...] If the value is 0, then no limit is enforced. SQLITE_LIMIT_TRIGGER_DEPTH: Maximum Depth Of Trigger Recursion SQLite limits the depth of recursion of triggers in order to prevent a statement involving recursive triggers from using an unbounded amount of memory. Note also, how the SQLite docs talk about SQLITE_LIMIT_LENGTH: Maximum length of a string or BLOB [...] In security-sensitive applications it is best not to try to increase the maximum string and blob length. In fact, you might do well to lower the maximum string and blob length to something more in the range of a few million if that is possible. ---------- nosy: +steve.dower _______________________________________ Python tracker <rep...@bugs.python.org> <https://bugs.python.org/issue45243> _______________________________________ _______________________________________________ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com