> On Dec 12, 2016, at 5:00 AM, Baugher, Melody <[email protected]> wrote: > > string passwordPragma = "PRAGMA key='" + password + "';";
Not quoting the password string leaves you open to SQL injection attack. This probably isn’t an issue in an internal development tool, but if there’s any code like this in the main program, it’s a serious vulnerability, so I thought I’d point it out. —Jens _______________________________________________ sqlite-users mailing list [email protected] http://mailinglists.sqlite.org/cgi-bin/mailman/listinfo/sqlite-users
