Hello, How can I secure user supplied SQL statements in a single process?
For example, if I had a public web service that allows users to create their own SQL strings that I then run in a single server process, what are the chances that they would be able to obtain general remote code execution? I saw a security flaw a while back, and most people mentioned that “you should not run user supplied SQL statements”. Is there a way to do this using only SQLite (without spawning many processes or using OS level isolation)? Thanks _______________________________________________ sqlite-users mailing list sqlite-users@mailinglists.sqlite.org http://mailinglists.sqlite.org/cgi-bin/mailman/listinfo/sqlite-users
