On Tue, Dec 18, 2018 at 4:00 PM Peter da Silva <res...@gmail.com> wrote:
> On Tue, Dec 18, 2018 at 3:49 PM Nathan Green <ngr...@inco5.com> wrote: > > > Except the problem isn't just in Chrome. Apparently, any system that > allows > > SQL injection is vulnerable. > > > > That's kind of a tautology isn't it? Isn't there some kind of Godwin's Law > variant for XKCD 327? > > I notice that the 12 points on https://www.sqlite.org/appfileformat.html > don't include "secure". > > I mean, sure, we used to distribute software on Usenet as shell scripts > (look up "shar archive") but it's not 1984 any more. > > SQL injection in the generic sense isn't exactly RCE because SQL is declarative. Arbitrarily messing up things in a database is not the same as running any executable code that the database process might have permission to execute. Nathan _______________________________________________ sqlite-users mailing list sqlite-users@mailinglists.sqlite.org http://mailinglists.sqlite.org/cgi-bin/mailman/listinfo/sqlite-users