What measures the trustworthiness? At what point would the running application be notified that the statement was bound or injection avenue?
On Wed, Apr 17, 2019 at 12:40 PM Richard Hipp <[email protected]> wrote:

> On 4/17/19, Jens Alfke <[email protected]> wrote:
> > The new sqlite3_value_frombind() function sounds intriguing — "True if value
> > originated from a bound parameter" — but I'm drawing a blank thinking of use cases for it. Optimizations?
> > Security? What was the rationale for adding it?
>
> This facilitates additional security measures. If a value comes from a
> bind, then (at least in most systems) that means it did not come from
> an SQL injection from an attacker, and hence the value is more
> trustworthy.
> --
> D. Richard Hipp
> [email protected]

