> I can only control the databases and the libsqlite.so.
> Is everything clear?

How do you do that, I wonder? Why do you think that applications you
don't control will always use your libsqlite.so? They may not use
libsqlite.so at all (compile SQLite sources into the application) or use
whatever library they want, even by simply providing their own value of
LD_LIBRARY_PATH. So what makes you think that you control
libsqlite.so?


Pavel


On Sat, Jul 16, 2011 at 11:03 PM, san long <kerneltrap...@gmail.com> wrote:
> It seems that my words are still ambiguous, let me make it further clear.
> There are many processes in the system (i.e., Linux), they use the sqlite
> databases, I add many rules to allow/forbid their access to the
> databases, such as:
> "A" (process name) can see all records except rowid 1,2
> "B"  .....except rowid 1,3
> "C" ......except rowid 4,5
> and so on. The rule could be updated at any time.
> I can't control the action of "A", "B", "C", they have their own normal SQL,
> so the WHERE clause can't be added except by modifying the source code of
> sqlite3_exec() and changing the zSql parameter.
> I can only control the databases and the libsqlite.so.
> Is everything clear?
>
>
>
>
> 2011/7/17 Jean-Christophe Deschamps <j...@antichoc.net>
>
>>
>> >I want to make things clear. there are some rules in my system, such
>> >as : process whose name is  proc_host can see all the records, and
>> >process whose name is proc_client1 can see all the records except
>> >rowid 1.
>>
>> First, keep away from relying on rowid values since they may change if
>> you don't create an INTEGER primary key yourself.
>>
>> That said, I have a feeling you don't expose all your requirements.
>>
>> Now from what you've told, what I would do is encode the sensitive
>> columns of your "protected" row(s) with any proven standard of your
>> choice.  Share the key with all privileged processes and leave the
>> other processes in the bush.  Eventually, have a boolean column called
>> "secret_row" to sort that out and you're home.
>>
>> Whatever OS you use, you can probably have access to an easy-to-use
>> system call to perform on the fly encryption.  Alternatively you can
>> also code a simple known one yourself (relying on a proven algorithm)
>> in your application.
>>
>> --
>> <mailto:j...@q-e-d.org>j...@antichoc.net
>>
>> _______________________________________________
>> sqlite-users mailing list
>> sqlite-users@sqlite.org
>> http://sqlite.org:8080/cgi-bin/mailman/listinfo/sqlite-users
>>
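Pavel's objection at the top of this message can be checked on a running Linux system. The sketch below is an added example, not code from the thread: it parses `/proc/<pid>/maps` text and reports whether a process has actually mapped the administrator's library. The trusted path, the sample maps and the function names are assumptions constructed for illustration.

```python
import re

# Assumption: where the administrator installed the rule-enforcing library.
TRUSTED_LIB = "/usr/lib/libsqlite.so"

# Constructed samples in /proc/<pid>/maps format (process names from the thread).
SAMPLE_MAPS = {
    "A": (  # loads the administrator's library
        "00400000-0040c000 r-xp 00000000 08:01 1311 /usr/bin/A\n"
        "7f10a0000000-7f10a00e2000 r-xp 00000000 08:01 2212 /usr/lib/libsqlite.so\n"
    ),
    "B": (  # started with its own LD_LIBRARY_PATH
        "00400000-0040c000 r-xp 00000000 08:01 1312 /usr/bin/B\n"
        "7f20b0000000-7f20b00e2000 r-xp 00000000 08:01 9054 /home/b/lib/libsqlite.so\n"
    ),
    "C": (  # SQLite sources compiled into the executable
        "00400000-004f1000 r-xp 00000000 08:01 1313 /usr/bin/C\n"
        "7f30c0000000-7f30c01c0000 r-xp 00000000 08:01 2001 /lib/libc.so.6\n"
    ),
}

# Fields: address range, perms, offset, dev, inode, optional pathname.
MAPS_LINE = re.compile(
    r"^[0-9a-f]+-[0-9a-f]+\s+(\S{4})\s+[0-9a-f]+\s+\S+\s+\d+\s*(.*)$")
SQLITE_NAME = re.compile(r"(^|/)libsqlite[^/]*\.so[^/]*$")

def mapped_sqlite_libs(maps_text):
    """Paths of executable mappings whose file name looks like an SQLite library."""
    libs = set()
    for line in maps_text.splitlines():
        m = MAPS_LINE.match(line)
        if m and "x" in m.group(1) and SQLITE_NAME.search(m.group(2)):
            libs.add(m.group(2))
    return libs

def classify(maps_text, trusted=TRUSTED_LIB):
    libs = mapped_sqlite_libs(maps_text)
    if not libs:
        return "no-shared-sqlite"  # static SQLite, or no SQLite at all
    if libs == {trusted}:
        return "trusted"
    return "untrusted-copy"        # some other libsqlite is mapped

def audit(maps_by_proc):
    return {name: classify(text) for name, text in maps_by_proc.items()}

if __name__ == "__main__":
    for name, verdict in audit(SAMPLE_MAPS).items():
        print(name, verdict)
```

On a live system, feed it the contents of `/proc/<pid>/maps` for each process of interest. A "trusted" verdict only compares path names, and a process in either of the other two classes never executes rules placed in the controlled library.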