Quoth Travis Orr <t...@ivl.com>, on 2010-10-12 08:17:38 -0700: > Drake Wilson said: > - However, it now occurs to me that it may be possible to use the > - fts3_tokenizer() function in a trigger, which is probably a bad thing > - when writing to untrusted databases. > > I suppose the only way to accomplish it would be to recompile sqlite3 > with my custom tokenizer in place. I think that may be more work that it > is worth. The idea of using a trigger is interesting, though I suspect > the performance hit from having to register the tokenizer on each > connection is minimal.
Just to clarify, a trigger isn't useful for this in general, because you still have nowhere to get the function pointer from. Above I was worrying that the current SQLite code might be less safe than it could be as a result of allowing this in triggers by default. I wouldn't worry about the performance; the registration will likely be a minimal hit compared to setting up the connection in the first place. > Travis ---> Drake Wilson _______________________________________________ sqlite-users mailing list sqlite-users@sqlite.org http://sqlite.org:8080/cgi-bin/mailman/listinfo/sqlite-users
