Hello,

How can I secure user supplied SQL statements in a single process?

For example, if I had a public web service that allows users to create
their own SQL strings that I then run in a single server process, what are
the chances that they would be able to obtain general remote code execution?


I saw a security flaw a while back, and most people mentioned that “you
should not run user supplied SQL statements”.

Is there a way to do this using only SQLite (without spawning many
processes or using OS level isolation)?

Thanks
_______________________________________________
sqlite-users mailing list
sqlite-users@mailinglists.sqlite.org
http://mailinglists.sqlite.org/cgi-bin/mailman/listinfo/sqlite-users

Reply via email to