Peter, > On 8/3/17, 9:16 AM, "sqlite-users on behalf of Ulrich Telle"wrote: > > The description of the new pointer-passing interface gives the > > impression that restricting the pointer type parameter to static > > strings or literals prevents misuse of the new feature. > > The term I used was “deters”.
I know, but the SQLite documentation uses "prevents": " ... Thus, the requirement that pointer types be static strings helps to prevent misuse of the pointer-passing interfaces." > > And that is definitely not the case. It might be a hurdle for > > unsophisticated developers, but not for the experienced ones. > > What experienced, non-malicious developers would read the rationale > and then go ahead and implement an extension that opened up the > possibility of a pointer-based exploit from SQL by allowing types > generated from SQL strings? No one, hopefully. At least I'm not going to do that. I just wanted to point out that there are legitimate scenarios (like the wrapper I maintain) in which the restriction makes it harder to implement support for useful extensions like carray. I learned that the restriction was imposed on purpose, and since I believe - as naive as I am - to be a rather experienced developer, I was able to overcome it for my use case. That is, I can now live with the restriction. Regards, Ulrich _______________________________________________ sqlite-users mailing list sqlite-users@mailinglists.sqlite.org http://mailinglists.sqlite.org/cgi-bin/mailman/listinfo/sqlite-users