I have to say I'm pretty boggled that Chrome allows hostile users to feed code directly into an SQL interpreter that wasn't written from the ground up to be secure. Secure interpreters are *hard* even when you're designing them from scratch (see also, the whole history of web-based vulnerabilities). That seems to be dancing with the screwup fairy to me. _______________________________________________ sqlite-users mailing list sqlite-users@mailinglists.sqlite.org http://mailinglists.sqlite.org/cgi-bin/mailman/listinfo/sqlite-users
- [sqlite] Claimed vulnerability in SQLite: Info or Intox... Dominique Devienne
- Re: [sqlite] Claimed vulnerability in SQLite: Info... Clemens Ladisch
- Re: [sqlite] Claimed vulnerability in SQLite: ... Peter da Silva
- Re: [sqlite] Claimed vulnerability in SQLi... Simon Slavin
- Re: [sqlite] Claimed vulnerability in ... Nathan Green
- Re: [sqlite] Claimed vulnerabilit... Peter da Silva
- Re: [sqlite] Claimed vulnerab... Nathan Green
- Re: [sqlite] Claimed vulnerabilit... Keith Medcalf
- Re: [sqlite] Claimed vulnerability in SQLi... Keith Medcalf
- Re: [sqlite] Claimed vulnerability in ... Peter da Silva
- Re: [sqlite] Claimed vulnerability in SQLite: Info... Richard Hipp
- Re: [sqlite] Claimed vulnerability in SQLite: ... Dominique Devienne
- Re: [sqlite] Claimed vulnerability in SQLi... Richard Hipp