Re: [sqlite] accessing sqlite files directly via http
I don't completely. It is very difficult to totally safeguard such an interface, but I do use an approach which applies a security layer which will stop fairly unsophisticated attacks, but which is still vulnerable to a real-time man-in-the-middle. I do not send SQL, instead have the RPC be a simple metalanguage which is rigorously parsed so that its functions are limited and controlled. At the XML parser level the DTD is incorporated and used to validate the returned data. Jay Sprenkle wrote: On 6/15/06, John Stanton <[EMAIL PROTECTED]> wrote: I have implemented just such a system as an RPC. It accesses an HTTP server using CGI and returns the table or view requested in XML. How do you ensure non malicious code is sent to RPC? -- SqliteImporter and SqliteReplicator: Command line utilities for Sqlite http://www.reddawn.net/~jsprenkl/Sqlite Cthulhu Bucks! http://www.cthulhubucks.com
Re: [sqlite] accessing sqlite files directly via http
On 6/15/06, John Stanton <[EMAIL PROTECTED]> wrote: I have implemented just such a system as an RPC. It accesses an HTTP server using CGI and returns the table or view requested in XML. How do you ensure non malicious code is sent to RPC? -- SqliteImporter and SqliteReplicator: Command line utilities for Sqlite http://www.reddawn.net/~jsprenkl/Sqlite Cthulhu Bucks! http://www.cthulhubucks.com
Re: [sqlite] accessing sqlite files directly via http
I have implemented just such a system as an RPC. It accesses an HTTP server using CGI and returns the table or view requested in XML. The application parses what it wants from the XML. The programs are simple C, compiling on Unix and Windows, and include an XML parser based on Expat. You are welcome to the code if it would fit in with your project. Martin Pfeifle wrote: Hello, We would like to access (only reading access) a remote sqlite database via http. On a remote computer, an http server is located and an sqlite database file (we are not allowed to install any software on that http-server). On a client computer, an application program wants to access the sqlite file via http. As http supports reading ranges from files and also supports persistent connections, it is in principal possible to write an “os_http” unit (similar to os_unix, os_win,..) which allows to access sqlite files directly via http, i.e. we can simulate fseek, fread and fopen via http. My question now is whether somebody has already some experience with such an “http-port”. Best Martin
[sqlite] accessing sqlite files directly via http
Hello, We would like to access (only reading access) a remote sqlite database via http. On a remote computer, an http server is located and an sqlite database file (we are not allowed to install any software on that http-server). On a client computer, an application program wants to access the sqlite file via http. As http supports reading ranges from files and also supports persistent connections, it is in principal possible to write an “os_http” unit (similar to os_unix, os_win,..) which allows to access sqlite files directly via http, i.e. we can simulate fseek, fread and fopen via http. My question now is whether somebody has already some experience with such an “http-port”. Best Martin
