> On Dec 20, 2018, at 4:46 PM, Peter da Silva <[email protected]> wrote:
>
> Sqlite is explicitly not designed to be secure against untrusted input or
> corrupt .
That was true a couple of years ago, but SQLite has been hardened since, mostly
because of problems in Chromium.
"SQLite should never crash, overflow a buffer, leak memory, or exhibit any
other harmful behavior, even with presented with maliciously malformed SQL
inputs or database files. SQLite should always detect erroneous inputs and
raise an error, not crash or corrupt memory. Any malfunction caused by an SQL
input or database file is considered a serious bug and will be promptly
addressed when brought to the attention of the SQLite developers. SQLite is
extensively fuzz-tested to help ensure that it is resistant to these kinds of
errors.”
https://www.sqlite.org/security.html
—Jens
_______________________________________________
sqlite-users mailing list
[email protected]
http://mailinglists.sqlite.org/cgi-bin/mailman/listinfo/sqlite-users
