On Fri, Aug 29, 2014 at 4:59 AM, Timothy Beyer <bey...@fastmail.net> wrote:

> There are some limitations that we worked around, such as the fact that the "%"
> symbol has a lot of bugs when used in JSON SQL queries (thus making most
> wildcard matches with LIKE useless), so I use GLOB with a regular expression
> for case-insensitivity.

If you can post some examples I'd be happy to take a look at fixing them.


> Further, TH1 is very limited, so even in the case of static SQL queries, you

TH1 is extremely limited. libfossil is developing more powerful script
bindings:

https://docs.google.com/document/d/13gRSl6-bj3LV-OKgE-BsqvqF33UFYW3oa3A2OJC5QSY/view


> I find it annoying that users have to be an "Administrator" or "Super User" to
> access the JSON api for SQL queries, as I'd like to choose which tables they
> are able to query or not, but then again, it is a distributed version control
> system, so it probably doesn't make sense to have fine-grained security in the
> first place.

Those permissions are for a reason - imagine what happens if a user sends
"DROP TABLE blob" via the JSON API. Even if we use authenticators which
prohibit that (sqlite supports it), being able to query allows them to
reach _any_ blob, regardless of access restrictions.

-- 
----- stephan beal
http://wanderinghorse.net/home/stephan/
http://gplus.to/sgbeal
"Freedom is sloppy. But since tyranny's the only guaranteed byproduct of
those who insist on a perfect world, freedom will have to do." -- Bigby Wolf
_______________________________________________
fossil-users mailing list
fossil-users@lists.fossil-scm.org
http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users
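
The authorizer point in the reply above, as an added example that is not part of the original message and is not Fossil's code: it uses Python's `sqlite3.set_authorizer` on a constructed in-memory database to show that an authorizer can refuse `DROP TABLE blob` and even restrict which tables are readable, yet every row of a readable table stays reachable. The simplified schema, the sample rows and the helper names (`make_repo`, `run`, `table_allowlist`) are assumptions made for the illustration.

```python
import sqlite3

DENIED = "denied"

def make_repo():
    # Constructed stand-in for a repository database. The table names follow
    # the thread ("blob") and a typical credentials table; the columns and
    # rows are simplified sample data, not Fossil's real schema.
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE blob(rid INTEGER PRIMARY KEY, content TEXT);
        CREATE TABLE user(uid INTEGER PRIMARY KEY, login TEXT, pw TEXT);
        INSERT INTO blob VALUES (1, 'public artifact'), (2, 'private artifact');
        INSERT INTO user VALUES (1, 'admin', 'secret-hash');
    """)
    return db

def read_only(action, arg1, arg2, dbname, source):
    # Allow only SELECT statements and the column reads they perform.
    # DROP, INSERT, UPDATE, DELETE, ATTACH, PRAGMA and the rest are denied.
    if action in (sqlite3.SQLITE_SELECT, sqlite3.SQLITE_READ):
        return sqlite3.SQLITE_OK
    return sqlite3.SQLITE_DENY

def table_allowlist(allowed):
    # Stricter variant: column reads are allowed only on the named tables.
    # For SQLITE_READ, arg1 is the table name and arg2 the column name.
    def authorizer(action, arg1, arg2, dbname, source):
        if action == sqlite3.SQLITE_SELECT:
            return sqlite3.SQLITE_OK
        if action == sqlite3.SQLITE_READ and arg1 in allowed:
            return sqlite3.SQLITE_OK
        return sqlite3.SQLITE_DENY
    return authorizer

def run(authorizer, sql):
    # Fresh database per call so one statement cannot affect the next.
    db = make_repo()
    db.set_authorizer(authorizer)
    try:
        return db.execute(sql).fetchall()
    except sqlite3.DatabaseError:   # SQLite reports "not authorized"
        return DENIED
    finally:
        db.close()

if __name__ == "__main__":
    blob_only = table_allowlist({"blob"})
    print(run(read_only, "DROP TABLE blob"))                         # refused
    print(run(read_only, "SELECT pw FROM user"))                     # still readable
    print(run(blob_only, "SELECT pw FROM user"))                     # refused
    print(run(blob_only, "SELECT content FROM blob WHERE rid = 2"))  # still readable
```

The authorizer decides per statement, table and column at prepare time, so it has no notion of which rows a given user should be allowed to see.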
