Re: [sqlite] Always call a value-quoting routine

2018-05-07 Thread Rowan Worth 
On 7 May 2018 at 15:13, Scott Robison  wrote:

> On Sun, May 6, 2018 at 11:34 PM, Rowan Worth  wrote:
> > Its omission is interesting though. Does it indicate an incompetent
> > attacker, or is companieshouse.gov.uk using some bespoke approach like
> > "delete all single quotes" instead of actually quoting strings?
>
> It could just indicate someone with a sense of humor who crafted a
> name that looks like an injection attack for their company.
>

True, or crafted a name that makes it look like the registrar is using
unusual sanitation approaches ;)
Although a search for "it's"¹ reveals they do allow single quotes in
company names, so they're off the hook.

¹ or "its" - it seems single quotes are ignored for search purposes,
although other punctuation like ; and , are not.

LP and LLP are apparently also acceptable suffixes:

https://beta.companieshouse.gov.uk/company/LP004358
https://beta.companieshouse.gov.uk/company/OC387006

Not sure about these next ones -- did they just fall through the cracks?

https://beta.companieshouse.gov.uk/company/SL003914
https://beta.companieshouse.gov.uk/company/SC096234

-Rowan
___
sqlite-users mailing list
sqlite-users@mailinglists.sqlite.org
http://mailinglists.sqlite.org/cgi-bin/mailman/listinfo/sqlite-users

Re: [sqlite] Getting statement column data types on Android

2018-05-07 Thread J Decker 
https://www.sqlite.org/c3ref/column_blob.html

int sqlite3_column_type(sqlite3_stmt*, int iCol);

?

On Mon, May 7, 2018 at 4:28 PM, Bart Smissaert 
wrote:

> Yes, thanks, that might be the best way, but it can get a bit complicated
> with complex SQL.
>
> RBS
>
>
>
> On Tue, May 8, 2018 at 12:05 AM, Simon Slavin 
> wrote:
>
> > On 7 May 2018, at 10:49pm, Bart Smissaert 
> > wrote:
> >
> > > Using B4A for a SQLite database app on an Android phone.
> > > B4A doesn't have functions like sqlite3_column_decltype and
> > > sqlite3_column_type
> > > and this is causing some difficulty getting the column datatypes of a
> > row producing statement.
> >
> > See page 30 of the Basic4android manual, downloadable from
> >
> > 
> >
> > The general idea is to execute a query like
> >
> > SELECT ID, Name, Age, Height, typeof(Name), typeof(Age),
> > typeof(Height) FROM Table1
> >
> > Simon.
> > ___
> > sqlite-users mailing list
> > sqlite-users@mailinglists.sqlite.org
> > http://mailinglists.sqlite.org/cgi-bin/mailman/listinfo/sqlite-users
> >
> ___
> sqlite-users mailing list
> sqlite-users@mailinglists.sqlite.org
> http://mailinglists.sqlite.org/cgi-bin/mailman/listinfo/sqlite-users
>
___
sqlite-users mailing list
sqlite-users@mailinglists.sqlite.org
http://mailinglists.sqlite.org/cgi-bin/mailman/listinfo/sqlite-users

Re: [sqlite] Fossil Delta Compression in SqLite

2018-05-07 Thread Philip Bennefall 
I am far from an expert in this field myself so I don't know whether 
including it in the text section of the binary would be enough, and the 
main issue for me is when clients of mine redistribute middleware in 
their turn as I mentioned in an earlier post. But either way, Richard 
already cleared this up so there's no more ambiguity on my end.


Kind regards,

Philip
On 5/7/2018 11:11 PM, Warren Young wrote:

On May 7, 2018, at 9:53 AM, Philip Bennefall  wrote:

It was merely an idea to possibly avoid some potential ambiguity regarding 
public domain, which is a bit of a gray area in many places.

So take the code under the explicit license, then.

In my non-expert opinion, the worry over attribution is bogus.  Restriction 2 
in the 2-clause BSD license just requires that the license text itself be in 
the binary, not that you “attribute” the software in your documentation or in a 
startup banner as is required by some other licenses.

Fossil itself doesn’t bother to do even that:

 $ strings `which fossil` | grep 'IMPLIED WARRANTIES'


___
sqlite-users mailing list
sqlite-users@mailinglists.sqlite.org
http://mailinglists.sqlite.org/cgi-bin/mailman/listinfo/sqlite-users


___
sqlite-users mailing list
sqlite-users@mailinglists.sqlite.org
http://mailinglists.sqlite.org/cgi-bin/mailman/listinfo/sqlite-users

Re: [sqlite] Getting statement column data types on Android

2018-05-07 Thread Bart Smissaert 
Yes, thanks, that might be the best way, but it can get a bit complicated
with complex SQL.

RBS



On Tue, May 8, 2018 at 12:05 AM, Simon Slavin  wrote:

> On 7 May 2018, at 10:49pm, Bart Smissaert 
> wrote:
>
> > Using B4A for a SQLite database app on an Android phone.
> > B4A doesn't have functions like sqlite3_column_decltype and
> > sqlite3_column_type
> > and this is causing some difficulty getting the column datatypes of a
> row producing statement.
>
> See page 30 of the Basic4android manual, downloadable from
>
> 
>
> The general idea is to execute a query like
>
> SELECT ID, Name, Age, Height, typeof(Name), typeof(Age),
> typeof(Height) FROM Table1
>
> Simon.
> ___
> sqlite-users mailing list
> sqlite-users@mailinglists.sqlite.org
> http://mailinglists.sqlite.org/cgi-bin/mailman/listinfo/sqlite-users
>
___
sqlite-users mailing list
sqlite-users@mailinglists.sqlite.org
http://mailinglists.sqlite.org/cgi-bin/mailman/listinfo/sqlite-users

Re: [sqlite] Getting statement column data types on Android

2018-05-07 Thread Simon Slavin 
On 7 May 2018, at 10:49pm, Bart Smissaert  wrote:

> Using B4A for a SQLite database app on an Android phone.
> B4A doesn't have functions like sqlite3_column_decltype and
> sqlite3_column_type
> and this is causing some difficulty getting the column datatypes of a row 
> producing statement.

See page 30 of the Basic4android manual, downloadable from



The general idea is to execute a query like

SELECT ID, Name, Age, Height, typeof(Name), typeof(Age), typeof(Height) 
FROM Table1

Simon.
___
sqlite-users mailing list
sqlite-users@mailinglists.sqlite.org
http://mailinglists.sqlite.org/cgi-bin/mailman/listinfo/sqlite-users

[sqlite] Getting statement column data types on Android

2018-05-07 Thread Bart Smissaert 
Using B4A for a SQLite database app on an Android phone.
B4A doesn't have functions like sqlite3_column_decltype and
sqlite3_column_type
and this is causing some difficulty getting the column datatypes of a row
producing
statement.

If we have for example:

create table Table1(ID Integer, Name Text, Age Integer, Height Real)

select ID, Name, Age, Height from Table1

Then I would like to get the data types: 1, 3, 1, 2

This would be easy in the above case with some parsing etc. but gets very
tricky if there
are joins and sub-selects etc. I am not too worried about data conversions
and UDF's etc.

Would it somehow be possible to get these data types from an explain, so:
explain  select ID, Name, Age, Height from Table1?

RBS
___
sqlite-users mailing list
sqlite-users@mailinglists.sqlite.org
http://mailinglists.sqlite.org/cgi-bin/mailman/listinfo/sqlite-users

Re: [sqlite] Fossil Delta Compression in SqLite

2018-05-07 Thread Warren Young 
On May 7, 2018, at 9:53 AM, Philip Bennefall  wrote:
> 
> It was merely an idea to possibly avoid some potential ambiguity regarding 
> public domain, which is a bit of a gray area in many places.

So take the code under the explicit license, then.

In my non-expert opinion, the worry over attribution is bogus.  Restriction 2 
in the 2-clause BSD license just requires that the license text itself be in 
the binary, not that you “attribute” the software in your documentation or in a 
startup banner as is required by some other licenses.

Fossil itself doesn’t bother to do even that:

$ strings `which fossil` | grep 'IMPLIED WARRANTIES'


___
sqlite-users mailing list
sqlite-users@mailinglists.sqlite.org
http://mailinglists.sqlite.org/cgi-bin/mailman/listinfo/sqlite-users

Re: [sqlite] Fossil Delta Compression in SqLite

2018-05-07 Thread R Smith 

On 2018/05/07 5:53 PM, Philip Bennefall wrote:
It was merely an idea to possibly avoid some potential ambiguity 
regarding public domain, which is a bit of a gray area in many places. 
Obviously not a requirement for anyone to do anything, it was but a 
friendly question.


All good sir, the jibe was aimed at the legal peculiarity and not at the 
request.




___
sqlite-users mailing list
sqlite-users@mailinglists.sqlite.org
http://mailinglists.sqlite.org/cgi-bin/mailman/listinfo/sqlite-users

Re: [sqlite] Fossil Delta Compression in SqLite

2018-05-07 Thread Philip Bennefall 
It was merely an idea to possibly avoid some potential ambiguity 
regarding public domain, which is a bit of a gray area in many places. 
Obviously not a requirement for anyone to do anything, it was but a 
friendly question.



Kind regards,

Philip
On 5/7/2018 5:44 PM, R Smith wrote:


On 2018/05/07 5:33 PM, Philip Bennefall wrote:

Thanks very much for that information, Richard! :)

I don't know if it would make any difference legally, but perhaps 
this could be made explicit in the comments?


So it's not enough to get it free... the free giver has to now put 
some extra labour for zero reward into convincing people it is free to 
use.


This is a crazy World. :)


___
sqlite-users mailing list
sqlite-users@mailinglists.sqlite.org
http://mailinglists.sqlite.org/cgi-bin/mailman/listinfo/sqlite-users


___
sqlite-users mailing list
sqlite-users@mailinglists.sqlite.org
http://mailinglists.sqlite.org/cgi-bin/mailman/listinfo/sqlite-users

Re: [sqlite] Fossil Delta Compression in SqLite

2018-05-07 Thread R Smith 


On 2018/05/07 5:33 PM, Philip Bennefall wrote:

Thanks very much for that information, Richard! :)

I don't know if it would make any difference legally, but perhaps this 
could be made explicit in the comments?


So it's not enough to get it free... the free giver has to now put some 
extra labour for zero reward into convincing people it is free to use.


This is a crazy World. :)


___
sqlite-users mailing list
sqlite-users@mailinglists.sqlite.org
http://mailinglists.sqlite.org/cgi-bin/mailman/listinfo/sqlite-users

Re: [sqlite] Fossil Delta Compression in SqLite

2018-05-07 Thread Philip Bennefall 

Thanks very much for that information, Richard! :)

I don't know if it would make any difference legally, but perhaps this 
could be made explicit in the comments?


Thanks again.

Kind regards,

Philip
On 5/7/2018 5:22 PM, Richard Hipp wrote:

You are welcomed to use the public-domain version of the delta
encoding routines found in the SQLite source tree for whatever purpose
you want, without attribution.  I am the sole author of that code, and
I am a citizen of a country that allows people to disavow intellectual
property claims, so it is possible for me to say this.

On 5/7/18, Philip Bennefall  wrote:

As far as I can judge, you need to include the entire license - or at
least the majority of it - in the documentation (not just a single
line). For an end user product that's fine, but I would rather not have
to ask clients to do so if I am distributing middleware simply because
of a component that I use internally and which they never see. It's a
pretty big difference from public domain in that respect, though I
realize that it is a difference that many people don't care about.

I would be curious to hear what the developers think about this, since
this license differs from the rest of the SqLite codebase. Of course it
is an extension so you don't need to include it, but I'm curious
nonetheless.

Thanks in advance for any clarification.

Kind regards,

Philip Bennefall
On 5/7/2018 4:54 PM, Peter Da Silva wrote:

On 5/6/18, 11:23 AM, "sqlite-users on behalf of Philip Bennefall"
 wrote:
  Only the requirement for attribution in binaries. That can be
  significant in certain use cases.

One line of text in the documentation provided with the distribution
doesn't seem burdensome. It's not like the advertising clause in the
original BSD license... is that what you're thinking of?


___
sqlite-users mailing list
sqlite-users@mailinglists.sqlite.org
http://mailinglists.sqlite.org/cgi-bin/mailman/listinfo/sqlite-users

___
sqlite-users mailing list
sqlite-users@mailinglists.sqlite.org
http://mailinglists.sqlite.org/cgi-bin/mailman/listinfo/sqlite-users





___
sqlite-users mailing list
sqlite-users@mailinglists.sqlite.org
http://mailinglists.sqlite.org/cgi-bin/mailman/listinfo/sqlite-users

Re: [sqlite] Fossil Delta Compression in SqLite

2018-05-07 Thread Richard Hipp 
You are welcomed to use the public-domain version of the delta
encoding routines found in the SQLite source tree for whatever purpose
you want, without attribution.  I am the sole author of that code, and
I am a citizen of a country that allows people to disavow intellectual
property claims, so it is possible for me to say this.

On 5/7/18, Philip Bennefall  wrote:
> As far as I can judge, you need to include the entire license - or at
> least the majority of it - in the documentation (not just a single
> line). For an end user product that's fine, but I would rather not have
> to ask clients to do so if I am distributing middleware simply because
> of a component that I use internally and which they never see. It's a
> pretty big difference from public domain in that respect, though I
> realize that it is a difference that many people don't care about.
>
> I would be curious to hear what the developers think about this, since
> this license differs from the rest of the SqLite codebase. Of course it
> is an extension so you don't need to include it, but I'm curious
> nonetheless.
>
> Thanks in advance for any clarification.
>
> Kind regards,
>
> Philip Bennefall
> On 5/7/2018 4:54 PM, Peter Da Silva wrote:
>> On 5/6/18, 11:23 AM, "sqlite-users on behalf of Philip Bennefall"
>> > phi...@blastbay.com> wrote:
>>  Only the requirement for attribution in binaries. That can be
>>  significant in certain use cases.
>>
>> One line of text in the documentation provided with the distribution
>> doesn't seem burdensome. It's not like the advertising clause in the
>> original BSD license... is that what you're thinking of?
>>
>>
>> ___
>> sqlite-users mailing list
>> sqlite-users@mailinglists.sqlite.org
>> http://mailinglists.sqlite.org/cgi-bin/mailman/listinfo/sqlite-users
>
> ___
> sqlite-users mailing list
> sqlite-users@mailinglists.sqlite.org
> http://mailinglists.sqlite.org/cgi-bin/mailman/listinfo/sqlite-users
>


-- 
D. Richard Hipp
d...@sqlite.org
___
sqlite-users mailing list
sqlite-users@mailinglists.sqlite.org
http://mailinglists.sqlite.org/cgi-bin/mailman/listinfo/sqlite-users

Re: [sqlite] Fossil Delta Compression in SqLite

2018-05-07 Thread Philip Bennefall 
As far as I can judge, you need to include the entire license - or at 
least the majority of it - in the documentation (not just a single 
line). For an end user product that's fine, but I would rather not have 
to ask clients to do so if I am distributing middleware simply because 
of a component that I use internally and which they never see. It's a 
pretty big difference from public domain in that respect, though I 
realize that it is a difference that many people don't care about.


I would be curious to hear what the developers think about this, since 
this license differs from the rest of the SqLite codebase. Of course it 
is an extension so you don't need to include it, but I'm curious 
nonetheless.


Thanks in advance for any clarification.

Kind regards,

Philip Bennefall
On 5/7/2018 4:54 PM, Peter Da Silva wrote:

On 5/6/18, 11:23 AM, "sqlite-users on behalf of Philip Bennefall" 
 wrote:
 Only the requirement for attribution in binaries. That can be
 significant in certain use cases.

One line of text in the documentation provided with the distribution doesn't 
seem burdensome. It's not like the advertising clause in the original BSD 
license... is that what you're thinking of?
  


___
sqlite-users mailing list
sqlite-users@mailinglists.sqlite.org
http://mailinglists.sqlite.org/cgi-bin/mailman/listinfo/sqlite-users


___
sqlite-users mailing list
sqlite-users@mailinglists.sqlite.org
http://mailinglists.sqlite.org/cgi-bin/mailman/listinfo/sqlite-users

Re: [sqlite] Always call a value-quoting routine

2018-05-07 Thread Peter Da Silva 
On 5/7/18, 2:14 AM, "sqlite-users on behalf of Scott Robison" 
 wrote:
It could just indicate someone with a sense of humor who crafted a
name that looks like an injection attack for their company.

Most likely, or else it's part of an honor system exploit.

http://humorix.org/10277

___
sqlite-users mailing list
sqlite-users@mailinglists.sqlite.org
http://mailinglists.sqlite.org/cgi-bin/mailman/listinfo/sqlite-users

Re: [sqlite] Fossil Delta Compression in SqLite

2018-05-07 Thread Peter Da Silva 
On 5/6/18, 11:23 AM, "sqlite-users on behalf of Philip Bennefall" 
 
wrote:
Only the requirement for attribution in binaries. That can be 
significant in certain use cases.

One line of text in the documentation provided with the distribution doesn't 
seem burdensome. It's not like the advertising clause in the original BSD 
license... is that what you're thinking of?
 

___
sqlite-users mailing list
sqlite-users@mailinglists.sqlite.org
http://mailinglists.sqlite.org/cgi-bin/mailman/listinfo/sqlite-users

Re: [sqlite] possible bug affecting 3.22 and 3.23 - load_extension()

2018-05-07 Thread Richard Hipp 
I have checked in a change to address this on trunk.

Meanwhile, your work-around is to include the ".so" suffix on the
library name.  xample:

SELECT load_extension('mod_spatiallite.so');

On 5/6/18, a.furi...@lqt.it  wrote:
> it seems that some unexpected regression is affecting load_extension()
> on Linux when using the most recent versions of SQLite (3.22 and 3.23).
>
> my test configuration:
> - sqlite3 installed on the current directory
> - extension module installed on /usr/local/lib
>(/usr/local/lib/mod_spatialite.so)
>
> $ export "LD_LIBRARY_PATH=/usr/local/lib"
> $ ./sqlite3
> sqlite> SELECT load_extension('mod_spatialite');
>
> - the extension module is successfully loaded when using 3.20.1
> - but it fails when using 3.22.0 or 3.23.1
>
> digging into the code I was finally able to reestablish the expected
> behavior of load_extension() after applying the following patch:
>
> sqlite3.c (v.3.23.1) - line 115917 - sqlite3LoadExtension()
> ---
> handle = sqlite3OsDlOpen(pVfs, zFile);
> #if SQLITE_OS_UNIX || SQLITE_OS_WIN
>for(ii=0; ii  char *zAltFile = sqlite3_mprintf("%s.%s", zFile, azEndings[ii]);
>  int bExists = 0;
>  if( zAltFile==0 ) return SQLITE_NOMEM_BKPT;
> /*
>  sqlite3OsAccess(pVfs, zAltFile, SQLITE_ACCESS_EXISTS, );
>  if( bExists )
> */
>  handle = sqlite3OsDlOpen(pVfs, zAltFile);
>  sqlite3_free(zAltFile);
>}
> #endif
> ---
>
> it seems that sqlite3OsAccess() fails to correctly locate the
> module to be loaded because it checks just the current working
> directory whilst sqlite3OsDlOpen() correctly searches more
> directories, as the additional ones defined by LD_LIBRARY_PATH.
>
> bye
> Sandro Furieri (developer and maintainer of SpatiaLite)
> ___
> sqlite-users mailing list
> sqlite-users@mailinglists.sqlite.org
> http://mailinglists.sqlite.org/cgi-bin/mailman/listinfo/sqlite-users
>


-- 
D. Richard Hipp
d...@sqlite.org
___
sqlite-users mailing list
sqlite-users@mailinglists.sqlite.org
http://mailinglists.sqlite.org/cgi-bin/mailman/listinfo/sqlite-users

Re: [sqlite] Always call a value-quoting routine

2018-05-07 Thread Scott Robison 
On Sun, May 6, 2018 at 11:34 PM, Rowan Worth  wrote:
> Amusing -- but without the leading single-quote it would take intentional
> effort for a programmer to detonate this payload.
>
> Its omission is interesting though. Does it indicate an incompetent
> attacker, or is companieshouse.gov.uk using some bespoke approach like
> "delete all single quotes" instead of actually quoting strings?

It could just indicate someone with a sense of humor who crafted a
name that looks like an injection attack for their company.
___
sqlite-users mailing list
sqlite-users@mailinglists.sqlite.org
http://mailinglists.sqlite.org/cgi-bin/mailman/listinfo/sqlite-users