Ralf Junker wrote: > But thinking more about hijacking "RowID" I am glad this is now a separate > thread. Lack of a reseverd "RowID" column name to guarantee unambiguous record operations by general SQLite tools is a potential thread to data security IMO.
I think the real problem here is that SQL allows you to have non-distinct rows in a table, when all rows should be distinct. Working within SQL's flaws, the solution here is for every table to have a unique constraint on one or more table columns. Then applications just use that to uniquely identify the row. Rows should be identifiable by user-visible data, not hidden data, since a database is supposed to model reality and people identify things based on their someway-visible attributes. On a separate note, it is best for one to be able to name a table or column et al anything one wants, with all the choice of names as you can store in a text column for user data. Reserved words aren't an issue as long as entity names are referred to with an unambiguously different syntax, such as quoted identifiers as SQL does support. Then database users don't have to worry about implementation details and can name tables and columns whatever they want; saying they can't name their column "RowID" is a leaky abstraction. -- Darren Duncan _______________________________________________ sqlite-users mailing list sqlite-users@sqlite.org http://sqlite.org:8080/cgi-bin/mailman/listinfo/sqlite-users
