What measures the trustworthiness?  At what point would the running
application be notified that the statement was bound or injection avenue?

On Wed, Apr 17, 2019 at 12:40 PM Richard Hipp <d...@sqlite.org> wrote:

> On 4/17/19, Jens Alfke <j...@mooseyard.com> wrote:
> > The new sqlite3_value_frombind() function sounds intriguing — "True if value
> > originated from a bound parameter" — but I’m drawing a blank thinking of
> > use cases for it. Optimizations?
> > Security? What was the rationale for adding it?
>
> This facilitates additional security measures.  If a value comes from a
> bind, then (at least in most systems) that means it did not come from
> an SQL injection from an attacker, and hence the value is more
> trustworthy.
> --
> D. Richard Hipp
> d...@sqlite.org
> _______________________________________________
> sqlite-users mailing list
> sqlite-users@mailinglists.sqlite.org
> http://mailinglists.sqlite.org/cgi-bin/mailman/listinfo/sqlite-users
>
