On 4/13/17, Keith Medcalf <kmedc...@dessus.com> wrote:
>
> So in the case of
> SQLite just using the standard shell compiled without authorization hooks in
> place is sufficient to do what you will to the database

Yes.  The sqlite3_set_authorizer() feature is designed to allow a
restricted subset of SQL to be used in web-applications where the
remote user does not have access to the original database.  For
example, in Fossil (https://www.fossil-scm.org/) it is possible to
allow anonymous users to enter SQL to query bug reports.  But we want
to prevent the anonymous users from accessing sensitive data, such as
user passwords.  Hence:
https://www.fossil-scm.org/fossil/artifact/ee53ffbf762?ln=161-232

Background: The sqlite3_set_authorizer() interface was first added for
CVSTrac (http://www.cvstrac.org).  The Fossil report logic was copied
from CVSTrac.

-- 
D. Richard Hipp
d...@sqlite.org
_______________________________________________
sqlite-users mailing list
sqlite-users@mailinglists.sqlite.org
http://mailinglists.sqlite.org/cgi-bin/mailman/listinfo/sqlite-users
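
The restriction described in the message above, as an added example that is not part of the original post and is not Fossil's or CVSTrac's code: an allow-list authorizer installed through Python's sqlite3 binding to sqlite3_set_authorizer(). The schema, the table and function allow-lists, and the helper names are constructed for illustration.

```python
import sqlite3

# Constructed schema for illustration only; not Fossil's real tables.
SCHEMA = """
CREATE TABLE ticket(id INTEGER PRIMARY KEY, title TEXT, status TEXT);
CREATE TABLE user(login TEXT, pw TEXT);
INSERT INTO ticket VALUES (1, 'crash on start', 'open');
INSERT INTO user VALUES ('alice', 'constructed-password-hash');
"""
ALLOWED_TABLES = {"ticket"}                       # assumption: only table reports may read
ALLOWED_FUNCTIONS = {"count", "lower", "length"}  # assumption: harmless SQL functions


def report_authorizer(action, arg1, arg2, dbname, source):
    """Allow-list callback: anything not explicitly permitted is denied."""
    if action == sqlite3.SQLITE_SELECT:
        return sqlite3.SQLITE_OK
    if action == sqlite3.SQLITE_READ:             # arg1 = table, arg2 = column
        return sqlite3.SQLITE_OK if arg1 in ALLOWED_TABLES else sqlite3.SQLITE_DENY
    if action == sqlite3.SQLITE_FUNCTION:         # arg2 = function name
        ok = (arg2 or "").lower() in ALLOWED_FUNCTIONS
        return sqlite3.SQLITE_OK if ok else sqlite3.SQLITE_DENY
    return sqlite3.SQLITE_DENY                    # INSERT, DELETE, ATTACH, PRAGMA, ...


def open_report_db():
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)                    # trusted setup, before the hook exists
    conn.set_authorizer(report_authorizer)        # every later statement is checked
    return conn


def run_report(conn, sql):
    """Return (rows, None) on success or (None, message) when SQLite refuses."""
    try:
        return conn.execute(sql).fetchall(), None
    except sqlite3.DatabaseError as exc:
        return None, str(exc)


if __name__ == "__main__":
    db = open_report_db()
    for query in ("SELECT id, title FROM ticket WHERE status = 'open'",
                  "SELECT pw FROM user",
                  "SELECT title FROM ticket UNION SELECT pw FROM user",
                  "DELETE FROM ticket"):
        print(query, "->", run_report(db, query))
```

The authorizer runs while each statement is compiled, so a denied query is rejected before it can read or modify anything.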
