Re: [sqlite] Sanitising user input for FTS5 MATCH parameter

2019-12-31 Thread test user
Thanks for the details Dan

On Sat, 21 Dec 2019 at 18:40, Dan Kennedy wrote:
>
> On 20/12/62 22:03, test user wrote:
> > Hello,
> >
> > I have a search box on a website that uses FTS5/MATCH.
> >
> > MATCH seems to take its own custom language for matching.
> >
> > 1. Is it safe to just pass the

Re: [sqlite] Sanitising user input for FTS5 MATCH parameter

2019-12-21 Thread Dan Kennedy
On 20/12/62 22:03, test user wrote:
> Hello,
>
> I have a search box on a website that uses FTS5/MATCH.
>
> MATCH seems to take its own custom language for matching.
>
> 1. Is it safe to just pass the user's query to MATCH ? via the SQLite bind FFI?

Users could specify a query that uses excessive

Re: [sqlite] Sanitising user input for FTS5 MATCH parameter

2019-12-21 Thread test user
Yeh but it doesn’t explicitly say anything about how secure it is to pass a string directly to “match”. Other scalar values that are passed to a query via binding are safe as they are just data saved to the DB file. But as the MATCH x string contains a language it is going to be interpreted or

Re: [sqlite] Sanitising user input for FTS5 MATCH parameter

2019-12-20 Thread Jose Isaias Cabrera
test user, on Friday, December 20, 2019 10:03 AM, wrote...
>
> Hello,
>
> I have a search box on a website that uses FTS5/MATCH.
>
> MATCH seems to take its own custom language for matching.
>
> 1. Is it safe to just pass the user's query to MATCH ? via the SQLite bind
> FFI?
>
> - This would give

[sqlite] Sanitising user input for FTS5 MATCH parameter

2019-12-20 Thread test user
Hello,

I have a search box on a website that uses FTS5/MATCH.

MATCH seems to take its own custom language for matching.

1. Is it safe to just pass the user's query to MATCH ? via the SQLite bind FFI?
- This would give them full access to the FTS5 matching language.

2. If not, how should I be