On a website, I want to take a user's query "as is", save it to a
userquery.txt, and then do:

sqlite3 /path/to/mydb < userquery.txt

where /path/to/mydb is a *read-only* file.

Is there *any* risk of an injection attack here?

Specifically, does sqlite3 have any shell escapes or any way to change
the Unix permissions of the file it's accessing?

-- 
We're just a Bunch Of Regular Guys, a collective group that's trying
to understand and assimilate technology. We feel that resistance to
new ideas and technology is unwise and ultimately futile.
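
A defensive way to run a single untrusted query against a read-only SQLite file, given here as an added example that is not part of the original post or of the SQLite project. It goes beyond the pipeline in the question by calling the SQLite library directly, because the sqlite3 command-line shell interprets its own dot-commands in addition to SQL. The names run_untrusted, make_demo_db and ALLOWED_FUNCTIONS, the limits and the sample table are assumptions made for illustration.

```python
import sqlite3
import time
from pathlib import Path

# Assumption: a hypothetical allowlist of SQL functions callers may use.
ALLOWED_FUNCTIONS = {"count", "sum", "min", "max", "avg", "length", "lower", "upper"}


def _authorizer(action, arg1, arg2, dbname, source):
    # Permit only what a plain SELECT needs. Every other action code
    # (ATTACH, PRAGMA, INSERT/UPDATE/DELETE, CREATE, ...) is refused
    # while the statement is being prepared, before it can run.
    if action in (sqlite3.SQLITE_SELECT, sqlite3.SQLITE_READ):
        return sqlite3.SQLITE_OK
    if action == sqlite3.SQLITE_FUNCTION and arg2 in ALLOWED_FUNCTIONS:
        return sqlite3.SQLITE_OK
    return sqlite3.SQLITE_DENY


def run_untrusted(db_path, sql, max_rows=1000, timeout_s=2.0):
    """Run one user-supplied statement against db_path and return its rows."""
    # mode=ro makes the connection read-only inside SQLite itself,
    # independent of the Unix permissions on the file.
    uri = Path(db_path).resolve().as_uri() + "?mode=ro"
    conn = sqlite3.connect(uri, uri=True)
    try:
        conn.set_authorizer(_authorizer)
        deadline = time.monotonic() + timeout_s
        # A true return value aborts the statement, bounding CPU time.
        conn.set_progress_handler(lambda: time.monotonic() > deadline, 10_000)
        cur = conn.execute(sql)  # execute() accepts exactly one statement
        return cur.fetchmany(max_rows)  # cap the size of the result set
    finally:
        conn.close()


def make_demo_db(path):
    """Constructed sample database, used only to exercise run_untrusted()."""
    conn = sqlite3.connect(path)
    conn.execute("CREATE TABLE items (id INTEGER PRIMARY KEY, name TEXT)")
    conn.executemany("INSERT INTO items (name) VALUES (?)", [("alpha",), ("beta",)])
    conn.commit()
    conn.close()
```

Refused statements raise a subclass of sqlite3.Error, which the caller should catch and report without echoing internal paths.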