> On Dec 20, 2018, at 4:46 PM, Peter da Silva <res...@gmail.com> wrote: > > Sqlite is explicitly not designed to be secure against untrusted input or > corrupt .
That was true a couple of years ago, but SQLite has been hardened since, mostly because of problems in Chromium. "SQLite should never crash, overflow a buffer, leak memory, or exhibit any other harmful behavior, even with presented with maliciously malformed SQL inputs or database files. SQLite should always detect erroneous inputs and raise an error, not crash or corrupt memory. Any malfunction caused by an SQL input or database file is considered a serious bug and will be promptly addressed when brought to the attention of the SQLite developers. SQLite is extensively fuzz-tested to help ensure that it is resistant to these kinds of errors.” https://www.sqlite.org/security.html —Jens _______________________________________________ sqlite-users mailing list sqlite-users@mailinglists.sqlite.org http://mailinglists.sqlite.org/cgi-bin/mailman/listinfo/sqlite-users