On 04/12/2011 08:25 AM, Stephen Blessing wrote:
> It appears that your SQLite3.6.23.1 software may have some security issues
> that need to be addressed:

The tool you used is pathetic. It is about as helpful as saying your house has "High" security risks because it found scissors. What is important is context - how are they used, by whom and can unintended people get access. The tool is "rough" because it doesn't bother with that context.

Far better tools are Coverity and one included with Clang. You can see Coverity's opinion here:

http://scan.coverity.com/rung1.html

And because Clang is open source the SQLite authors were able to run it themselves and fix anything it showed up.

Note that in the vast majority of cases these tools come up with false positives. The styling of the SQLite code is changed to keep them happy. See also:

http://www.sqlite.org/faq.html#q17

Roger

_______________________________________________
sqlite-users mailing list
http://sqlite.org:8080/cgi-bin/mailman/listinfo/sqlite-users

