I totally agree with your answer. But this wasn't really the question.
> You have hacked around this security feature
I beg you to try to look at my "hacks" with a fresh eye.
The service they provide is a genuine one: be able to run raw SQL requests,
and also to be notified when one has
On 8/2/19, Gwendal Roué wrote:
>
> Do you think this can still be seen as a misuse of the library?
>
Forcing a reprepare after an authorizer change is a security feature.
It helps to prevent people from adding an authorizer, but then
mistakenly using a statement that was prepared before the
For the record, I have successfully refactored my code so that authorizer
is set only once, and the issue has disappeared.
Yet, this authorizer not always returns the same value for the same input.
Precisely speaking, it always return SQLITE_OK, but when asked if it should
allow deletion.
In
After I have read the documentation of sqlite3ExpirePreparedStatements, I
better see how the GRDB authorizers dance is a misuse of the library.
The goal of GRDB authorizers, which is only to grab information about the
statements before they are executed, is at odds with the fact that SQLite
For the context, GRDB uses authorizers as a support for its database
observation features:
- during the compilation of a read statements in order to know what part of
the database would be accessed by the statement.
- during the compilation of other statements in order to know what part of
the
Yes, Richard, this fixes the problem! Tested with my local copy of SQLite
3.28.0.
On Thu, Aug 1, 2019 at 9:23 PM Richard Hipp wrote:
> On 8/1/19, Gwendal Roué wrote:
> >
> > 1. set authorizer
> > 2. compile statement
> > 3. reset authorizer
> > 4. step
> > 5. set authorizer (and do something
On 8/1/19, Gwendal Roué wrote:
>
> 1. set authorizer
> 2. compile statement
> 3. reset authorizer
> 4. step
> 5. set authorizer (and do something else)
> 6. step -> SQLITE_ABORT_ROLLBACK
Please test to see if changing the "0" to a "1" on the line of code
shown below fixes the problem, and report
Hello,
This is an issue report.
SQLite from version 3.8.8 to version 3.24.0 exhibits an issue which
prevents the use of sqlite3_set_authorizer during the iteration of a
statement. The issue does not happen with all statements, but only with
some of them.
It basically goes this way:
1. set
8 matches
Mail list logo