-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
I thought sqlite databases weren't supposed to be opened with two sqlite processes at once. There are unimplemented locking commands due to this right?
I'm bouncing back and forth in my head trying to decide if I should use mysql or sqlite to write a package manager. I'd like to use SQLite because it's a single library reliant on pthreads and libc, and thus lightweight and potentially ok for embedded systems; worst case, I write a RDBMS shell around SQLite especially for the package manager.
D. Richard Hipp wrote: | SQLite databases are designed to be shared by two or more | processes, so no it does not use O_EXCL. New files are | created using 0644. If you want a different permission | setting, do something like | | close(open(zFilename, O_CREAT, 0600)); | | prior to opening. |
or just mkstemp()
| Temporary files and rollback journals are opened using | both O_EXCL and O_NOFOLLOW and permissions 0600. And
should use mkstemp() (files) and mkdtemp() (directories)
| temporary file names contain a lot of randomness. All | these measures are to combat unforeseen vulnerabilities
Which is why mkstemp() and mkdtemp() were invented. | due to races, though to be honest, it isn't clear what | kind of vulnerabilities might be created if these | measures were not use.
http://www.ubuntulinux.org/wiki/wiki/USNAnalysis
Second most common vulnerability: Temp file races. |
- -- All content of all messages exchanged herein are left in the Public Domain, unless otherwise explicitly stated.
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.6 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
iD8DBQFBzLUGhDd4aOud5P8RApcrAJ9HMckJl4TVOx5fodxWfBq+idQqYACbBHW9 u2GF1Rcyfzvgo+ifo2/DBGY= =T3AM -----END PGP SIGNATURE-----
