On Oct 9, 2018, at 3:05 PM, Simon Slavin <slav...@bigfraud.org> wrote: > > On 9 Oct 2018, at 9:49pm, Warren Young <war...@etr-usa.com> wrote: > >> Also: This list may be an unusually juicy target, given the number of places >> SQLite is deployed. > > The minute SQLite gains any sort of internet connectivity, a hundred thousand > man-hours of cracking attempts will be launched. Which is why it's great the > way it is. Back door access to every mobile phone's contact list ? That's > monetised-hacker heaven.
Who said anything about putting a TCP listener into SQLite? When — I see no reason to say “if” — this mailing list moves to Fossil forums, it will be as a *Fossil* forum, using the same code as currently powers https://fossil-scm.org/forum, not code that is part of SQLite. > As Fossil gains TCP, sockets, streams, or anything else, it becomes a more > tempting target. Fossil v2.7 opens the same TCP listening sockets that v2.6 did, given equal conditions. There’s a half-baked SMTP server feature in 2.7, but it’s not recommended for general use yet. Presumably it will land in Fossil 2.8, but if you don’t enable the feature, it won’t listen. I plan to continue delegating SMTP service to the battle-tested mainstream SMTP server that came with my Fossil server’s OS. > The best protection is that all source code is public. Anyone who thinks > there's vuln can raise it, and ten people will evaluate it while the USA is > still asleep. A graph of Fossil forum traffic currently correlates pretty well with US daylight hours. 2 a.m. US time is a pretty lonely time on the forum. So, we apparently need more European, African, Asian, and Oceanian Fossil users. :) _______________________________________________ sqlite-users mailing list sqlite-users@mailinglists.sqlite.org http://mailinglists.sqlite.org/cgi-bin/mailman/listinfo/sqlite-users
