> On Nov 2, 2018, at 12:50 AM, Thomas Kurz <sqlite.2...@t-net.ruhr> wrote:
> 
> My opinion is that the logic for database queries should be held together 
> with the data.

Why? The logic has to be in the application itself (where else would it come 
from?) to copy into the database in the first place. So why create a duplicate 
of it in the db file?

Also, much of the logic consists of the application code that binds parameters, 
invokes the query, and uses the output. That’s often pretty closely tied to the 
details of the SQL statement. Separating those is IMHO bad design, and can be 
dangerous if they go out of sync somehow.

Also, in cases where SQLite is being used as a document format, putting the SQL 
into the database means a user can be running untrusted SQL if they open a 
document created by somebody else. This has proven to be a security minefield 
in the past, and even with the various fixes SQLite has put in place, I believe 
you have to pay special attention to security if you want to ‘harden’ your app 
this way.

> A scenario where it could be important could be encrypted databases. The 
> logic stored in the database would then be encrypted as well.

But that SQL would presumably be put there by the application, and where does 
it get it from? It’d be stored as a string in the binary, in an unencrypted 
state, easily read.

—Jens
_______________________________________________
sqlite-users mailing list
sqlite-users@mailinglists.sqlite.org
http://mailinglists.sqlite.org/cgi-bin/mailman/listinfo/sqlite-users
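
The document-format risk raised in the message above, shown as an added example that is not part of the original post: the app's fixed query `SELECT title FROM notes` silently runs SQL stored in the file when `notes` is really a view, and an audit of `sqlite_master` plus an authorizer callback catches it. The file contents and the names `notes`, `real_notes`, `wipe`, `EXPECTED_TABLES` and the helper functions are constructed for illustration.

```python
import os
import sqlite3
import tempfile

EXPECTED_TABLES = {"notes"}  # assumption: the app's document schema is one table

def build_document(path, hostile):
    """Constructed sample file; the hostile variant hides `notes` behind a view."""
    db = sqlite3.connect(path)
    if hostile:
        db.executescript("""
            CREATE TABLE real_notes(title TEXT);
            INSERT INTO real_notes VALUES ('hello');
            CREATE VIEW notes AS SELECT upper(title) AS title FROM real_notes;
            CREATE TRIGGER wipe AFTER INSERT ON real_notes
                BEGIN DELETE FROM real_notes; END;""")
    else:
        db.executescript("CREATE TABLE notes(title TEXT);"
                         "INSERT INTO notes VALUES ('hello');")
    db.close()

def stored_sql(db):
    """List views and triggers: SQL that travels inside the file itself."""
    return sorted(db.execute("SELECT type, name FROM sqlite_master "
                             "WHERE type IN ('view', 'trigger')").fetchall())

def authorizer(action, arg1, arg2, dbname, source):
    """Allow only top-level SELECTs (source is None) on the expected tables."""
    if source is None and (action == sqlite3.SQLITE_SELECT or (
            action == sqlite3.SQLITE_READ and arg1 in EXPECTED_TABLES)):
        return sqlite3.SQLITE_OK
    return sqlite3.SQLITE_DENY

def read_titles(path):
    """Open read-only, audit stored SQL, then run the app's fixed query."""
    db = sqlite3.connect(f"file:{path}?mode=ro", uri=True)
    found = stored_sql(db)              # audit before the authorizer is set
    db.set_authorizer(authorizer)
    try:
        rows = [r[0] for r in db.execute("SELECT title FROM notes")]
    except sqlite3.DatabaseError:
        rows = None                     # the query reached SQL stored in the file
    db.close()
    return found, rows

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as d:
        for hostile in (False, True):
            build_document(os.path.join(d, f"{hostile}.db"), hostile)
            print(hostile, read_titles(os.path.join(d, f"{hostile}.db")))
```

An application would normally refuse to go further with any document whose `stored_sql` list contains objects it did not create itself.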
