On Sat, 18 Jul 2009 10:17:14 -0700, Kelly Jones wrote:
On a website, I want to take a user's query as is, save it to a
userquery.txt, and then do:
sqlite3 /path/to/mydb userquery.txt
where /path/to/mydb is a *read-only* file.
Is there *any* risk of an injection attack here?
Yes.
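A hardened way to run a user-supplied query against the read-only database, as an added example that is not part of the original thread: instead of the sqlite3 shell, which interprets its own dot-commands as well as SQL, it uses the library API with a read-only open, an authorizer allowlist and an execution budget. The names `run_untrusted` and `authorizer`, the function allowlist and the limits are assumptions made for illustration.

```python
import sqlite3
from pathlib import Path

# Authorizer actions a read-only query needs; every other action is denied.
ALLOWED_ACTIONS = {sqlite3.SQLITE_SELECT, sqlite3.SQLITE_READ}
# Constructed allowlist of SQL functions; extend it deliberately, not by default.
ALLOWED_FUNCTIONS = {"count", "sum", "min", "max", "avg", "length", "lower", "upper"}

def authorizer(action, arg1, arg2, db_name, source):
    """Called by SQLite while a statement is compiled, once per operation."""
    if action in ALLOWED_ACTIONS:
        return sqlite3.SQLITE_OK
    # For SQLITE_FUNCTION, arg2 carries the function name.
    if action == sqlite3.SQLITE_FUNCTION and (arg2 or "").lower() in ALLOWED_FUNCTIONS:
        return sqlite3.SQLITE_OK
    return sqlite3.SQLITE_DENY  # writes, ATTACH, PRAGMA, other functions, ...

def run_untrusted(db_path, sql, max_rows=1000, max_ticks=1000):
    """Run one user-supplied statement; raises a sqlite3 exception on refusal."""
    # mode=ro opens the file read-only regardless of filesystem permissions.
    uri = Path(db_path).resolve().as_uri() + "?mode=ro"
    conn = sqlite3.connect(uri, uri=True)
    try:
        conn.set_authorizer(authorizer)
        ticks = 0

        def budget():
            # Invoked every 1000 VM instructions; a non-zero return aborts the query.
            nonlocal ticks
            ticks += 1
            return 1 if ticks > max_ticks else 0

        conn.set_progress_handler(budget, 1000)
        # execute() accepts exactly one statement, so "SELECT 1; SELECT 2" is rejected.
        return conn.execute(sql).fetchmany(max_rows)
    finally:
        conn.close()
```

The read-only open alone does not stop a statement from attaching or creating other files, which is why the authorizer denies everything outside the allowlist.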
On a website, I want to take a user's query as is, save it to a
userquery.txt, and then do:
sqlite3 /path/to/mydb userquery.txt
where /path/to/mydb is a *read-only* file.
Is there *any* risk of an injection attack here?
Specifically, does sqlite3 have any shell escapes or any way to change