On 2016/02/29 3:28 PM, Dominique Devienne wrote: > On Mon, Feb 29, 2016 at 2:18 PM, Simon Slavin <slavins at bigfraud.org> wrote: > >> Another way would be to write your own authorizer which, among other >> things, did some encryption of the data involved. >> <https://www.sqlite.org/c3ref/set_authorizer.html> > > It's the first time I read someone proposing using an authorizer has more > than just a "predicate". > > And quickly reading the doc, and it doesn't seem like modifying the SQL (to > inject some function > calls to do encryption/decryption on the fly), as would be required for > "cell"-level encryption. > > Can an authorizer really be "abused" that way? Thanks, --DD
I think Simon might have meant the data coming out of the query can be decrypted based on what the Authorizer gleans from the query text. Either way, I would also be interested to know if the Authorizer can in any way alter a Query - as opposed to simply saying yay or nay. Thanks, Ryan