Thanks, Jens. I'll keep an eye on that. Take care, Melody
-----Original Message----- From: sqlite-users [mailto:[email protected]] On Behalf Of Jens Alfke Sent: Monday, December 12, 2016 12:32 PM To: SQLite mailing list <[email protected]> Subject: Re: [sqlite] System.Data.SQLite -> ChangePassword 2nd time has opposite behavior > On Dec 12, 2016, at 5:00 AM, Baugher, Melody <[email protected]> wrote: > > string passwordPragma = "PRAGMA key='" + password + "';"; Not quoting the password string leaves you open to SQL injection attack. This probably isn’t an issue in an internal development tool, but if there’s any code like this in the main program, it’s a serious vulnerability, so I thought I’d point it out. —Jens _______________________________________________ sqlite-users mailing list [email protected] http://mailinglists.sqlite.org/cgi-bin/mailman/listinfo/sqlite-users
