On 5/10/17, Dominique Devienne <[email protected]> wrote: > > We haven't heard from Richard, but I hope we will eventually. >
No new authorizer codes will be added, since that would present compatibility problems for legacy authorizer callbacks. Instead, the fix is to invoke the authorizer callback with SQLITE_READ but with a NULL column name for any table that is referenced but for which no columns are extracted. This change is more likely to be compatible with legacy authorizer callbacks. In particular, the authorizer callback used by Fossil (https://www.fossil-scm.org/fossil/artifact/ee53ffbf7?ln=161-221) continues to work fine, and with the enhanced SQLITE_READ, no prevents users from creating a report using SELECT count(*) FROM user That returns the number of users, for example. The fix is implemented by https://www.sqlite.org/src/timeline?c=92ab1f72 -- D. Richard Hipp [email protected] _______________________________________________ sqlite-users mailing list [email protected] http://mailinglists.sqlite.org/cgi-bin/mailman/listinfo/sqlite-users
