> On Dec 12, 2016, at 5:00 AM, Baugher, Melody <mbaug...@dcscorp.com> wrote: > > string passwordPragma = "PRAGMA key='" + password + "';";
Not quoting the password string leaves you open to SQL injection attack. This probably isn’t an issue in an internal development tool, but if there’s any code like this in the main program, it’s a serious vulnerability, so I thought I’d point it out. —Jens _______________________________________________ sqlite-users mailing list sqlite-users@mailinglists.sqlite.org http://mailinglists.sqlite.org/cgi-bin/mailman/listinfo/sqlite-users
