Re: [sqlite] 3.31.0 Request TRUSTED_SCHEMA and pragma's

2020-01-21 Thread Keith Medcalf

On Tuesday, 21 January, 2020 05:28, Richard Hipp wrote:

>On 1/21/20, Keith Medcalf wrote:

>> Richard,
>>
>> The TRUSTED_SCHEMA setting works really well but I have noticed one
>> problem (there may be more, but I haven't run across any yet) with 
>> it that is perhaps easy to address, though it needs to be done 
>> properly.  That is perhaps adding an innocuous flag to pragma 
>> definitions in mkpragmatab.tcl so that it can be carried through 
>> into the vtable code that handles pragma_ xConnect 
>> method.
>>
>> This would permit pragmas such as table_info (for example) to be
>> marked as innocuous so that pragma_table_info could be used in a 
>> view even when the schema is untrusted.

> That would potentially leak information about the schemas of other
> attached database files.  It seems like a harmless information leak,
> but it is a leak nevertheless.
>
> If you are setting untrusted schema (as you probably should) but you
> need to use pragma virtual tables inside of triggers and views,
> consider putting them inside TEMP triggers and views.  TEMP triggers
> and views, because they must originate in the application itself, are
> always trusted.

Done, tested, and putting those views in temp works just fine.

And yes, I agree that not marking the pragma vtabs as innocuous is the right 
thing.

-- 
The fact that there's a Highway to Hell but only a Stairway to Heaven says a 
lot about anticipated traffic volume.



___
sqlite-users mailing list
sqlite-users@mailinglists.sqlite.org
http://mailinglists.sqlite.org/cgi-bin/mailman/listinfo/sqlite-users
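
The behaviour discussed in this thread, as an added example that is not part of either message or of SQLite's own code: with `trusted_schema` off, a view stored in the main schema cannot use `pragma_table_info`, while an identical TEMP view can. It assumes Python's `sqlite3` module is linked against SQLite 3.31.0 or later; the table and view names (`accounts`, `cols_main`, `cols_temp`) are constructed for illustration.

```python
import sqlite3

QUERY = "SELECT name, type FROM pragma_table_info('accounts')"


def run(db, sql):
    """Return (rows, None) on success or (None, error message) on failure."""
    try:
        return db.execute(sql).fetchall(), None
    except sqlite3.Error as exc:
        return None, str(exc)


def demo():
    if sqlite3.sqlite_version_info < (3, 31, 0):
        raise RuntimeError("trusted_schema requires SQLite 3.31.0 or later")
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE accounts(id INTEGER PRIMARY KEY, owner TEXT)")
    # Stored in the main schema: in a real application this definition lives
    # in the database file, so whoever can write the file controls it.
    db.execute("CREATE VIEW main.cols_main AS " + QUERY)
    # Stored in the temp schema: created by the application on this
    # connection, never read from the database file.
    db.execute("CREATE TEMP VIEW cols_temp AS " + QUERY)

    # Treat schema stored in database files as untrusted.
    db.execute("PRAGMA trusted_schema=OFF")
    _, main_error = run(db, "SELECT * FROM cols_main")
    temp_rows, temp_error = run(db, "SELECT * FROM cols_temp")

    # For comparison only: with the schema trusted, the main view works.
    db.execute("PRAGMA trusted_schema=ON")
    trusted_rows, _ = run(db, "SELECT * FROM cols_main")
    db.close()
    return main_error, temp_rows, temp_error, trusted_rows


if __name__ == "__main__":
    main_error, temp_rows, temp_error, trusted_rows = demo()
    print("main view, trusted_schema=OFF:", main_error)
    print("temp view, trusted_schema=OFF:", temp_rows)
    print("main view, trusted_schema=ON: ", trusted_rows)
```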


Re: [sqlite] 3.31.0 Request TRUSTED_SCHEMA and pragma's

2020-01-21 Thread Richard Hipp

On 1/21/20, Keith Medcalf wrote:
>
> Richard,
>
> The TRUSTED_SCHEMA setting works really well but I have noticed one problem
> (there may be more, but I haven't run across any yet) with it that is
> perhaps easy to address, though it needs to be done properly.  That is
> perhaps adding an innocuous flag to pragma definitions in mkpragmatab.tcl so
> that it can be carried through into the vtable code that handles
> pragma_ xConnect method.
>
> This would permit pragmas such as table_info (for example) to be marked as
> innocuous so that pragma_table_info could be used in a view even when the
> schema is untrusted.

That would potentially leak information about the schemas of other
attached database files.  It seems like a harmless information leak,
but it is a leak nevertheless.

If you are setting untrusted schema (as you probably should) but you
need to use pragma virtual tables inside of triggers and views,
consider putting them inside TEMP triggers and views.  TEMP triggers
and views, because they must originate in the application itself, are
always trusted.

-- 
D. Richard Hipp
d...@sqlite.org