On 8/3/17, 9:16 AM, "sqlite-users on behalf of Ulrich Telle" <sqlite-users-boun...@mailinglists.sqlite.org on behalf of ulrich.te...@gmx.de> wrote: > The description of the new pointer-passing interface gives the impression > that restricting the pointer type parameter to static strings or literals > prevents misuse of the new feature.
The term I used was “deters”. > And that is definitely not the case. It might be a hurdle for unsophisticated > developers, but not for the experienced ones. What experienced, non-malicious developers would read the rationale and then go ahead and implement an extension that opened up the possibility of a pointer-based exploit from SQL by allowing types generated from SQL strings? _______________________________________________ sqlite-users mailing list sqlite-users@mailinglists.sqlite.org http://mailinglists.sqlite.org/cgi-bin/mailman/listinfo/sqlite-users