On Sat, 18 Jul 2009 10:17:14 -0700, Kelly Jones wrote:
> On a website, I want to take a user's query "as is", save it to a
> userquery.txt, and then do:
>
> sqlite3 /path/to/mydb < userquery.txt
>
> where /path/to/mydb is a *read-only* file.
>
> Is there *any* risk of an injection attack here?
Kelly Jones wrote:
> On a website, I want to take a user's query "as is", save it to a
> userquery.txt, and then do:
>
> sqlite3 /path/to/mydb < userquery.txt
>
> where /path/to/mydb is a *read-only* file.
>
> Is there *any* risk of an injection attack here?
>
> Specifically, does sqlite3 have any
On a website, I want to take a user's query "as is", save it to a
userquery.txt, and then do:
sqlite3 /path/to/mydb < userquery.txt
where /path/to/mydb is a *read-only* file.
Is there *any* risk of an injection attack here?
Specifically, does sqlite3 have any shell escapes or any way to change
3 matches
Mail list logo
