Thanks, Jens. I'll keep an eye on that.

Take care,
Melody

-----Original Message-----
From: sqlite-users [mailto:sqlite-users-boun...@mailinglists.sqlite.org] On 
Behalf Of Jens Alfke
Sent: Monday, December 12, 2016 12:32 PM
To: SQLite mailing list <sqlite-users@mailinglists.sqlite.org>
Subject: Re: [sqlite] System.Data.SQLite -> ChangePassword 2nd time has 
opposite behavior


> On Dec 12, 2016, at 5:00 AM, Baugher, Melody <mbaug...@dcscorp.com> wrote:
> 
>      string passwordPragma = "PRAGMA key='" + password + "';";

Not quoting the password string leaves you open to a SQL injection attack. This 
probably isn’t an issue in an internal development tool, but if there’s any 
code like this in the main program, it’s a serious vulnerability, so I thought 
I’d point it out.

—Jens
_______________________________________________
sqlite-users mailing list
sqlite-users@mailinglists.sqlite.org
http://mailinglists.sqlite.org/cgi-bin/mailman/listinfo/sqlite-users
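
An added example, not part of the thread and not System.Data.SQLite's own code: one way to build the `PRAGMA key` statement from the quoted line so that a password containing a single quote stays inside the SQL string literal. The class and method names are hypothetical, and the sample password is constructed.

```csharp
using System;

static class KeyPragmaExample // hypothetical name, for illustration only
{
    // Render a value as a SQL string literal: wrap it in single quotes and
    // double every embedded single quote, which is SQL's escape for it.
    static string QuoteSqlLiteral(string value)
    {
        if (value == null)
            throw new ArgumentNullException(nameof(value));

        // SQLite stops reading statement text at the first NUL byte, so a
        // password containing one would silently truncate the statement.
        if (value.IndexOf('\0') >= 0)
            throw new ArgumentException("NUL is not allowed in the key", nameof(value));

        return "'" + value.Replace("'", "''") + "'";
    }

    // Plain concatenation, as in the line quoted in the message above.
    static string BuildUnescaped(string password)
    {
        return "PRAGMA key='" + password + "';";
    }

    // Same statement, with the password passed through the literal quoter.
    static string BuildEscaped(string password)
    {
        return "PRAGMA key=" + QuoteSqlLiteral(password) + ";";
    }

    static void Main()
    {
        // Constructed sample: an ordinary passphrase that contains an apostrophe.
        string password = "it's a passphrase";

        // The literal ends at the apostrophe; the rest is parsed as SQL.
        Console.WriteLine(BuildUnescaped(password));

        // The apostrophe is doubled; the whole passphrase is one literal.
        Console.WriteLine(BuildEscaped(password));
    }
}
```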
