> -------- Original Message --------
> Subject: Re: [sqlite] SQL syntax possibilities
> From: Darren Duncan <[EMAIL PROTECTED]>
> Date: Wed, November 16, 2005 10:41 pm
> To: [email protected]
>
> At 1:34 AM -0700 11/16/05, [EMAIL PROTECTED] wrote:
> >uSQLite does not (generally) enter into the details of the query it is
> >passed. There is however an exception for security. uSQLite requires a
> >login and (depending on the user and network) assigns the user a level:
> >
> >0: No access
> >1: Select only
> >2: Update/Insert only
> >3: Select/Update/Insert only
> >4: Power user
>
> Maybe your list wasn't complete, but I notice that 'Delete' is
> conspicuously absent, yet it is necessary to do many common tasks.
>
Yes, you could reason that delete should be at level 3. I started off with Read only or read/write and added 2 because it is appropriate for remote automated data insertion, which is a prime application of the protocol. I did 3 and 4 to separate nervous users from confident users :-) Perhaps it is just the way I define databases, but I find delete of little use in normal operations, I keep everything :-)

Having said that, I also kept things simple to minimise the complications of parsing the SQL, but now I realise I can leave that to SQL by means of the authorise callback, I may let a few extra levels creep in or more likely do a bit field. Keeping remote access within necessary limits is just good sense.

I agree with you about the damage causable by UPDATE however. I have long felt that SQL should make WHERE clauses obligatory. The UPDATE is particularly terrible as it is very easy to hit return prematurely after completing the values. IMHO, if you want to operate on all records then it should be necessary to put a WHERE ALL clause or something. Would a PRAGMA FORCE_WHERE option in SQLite be considered feature creep? Perhaps some notion already exists, I am no expert on SQL syntax and standards.
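
Added example, not part of the original message and not uSQLite's code: the access levels listed in the thread enforced through SQLite's authorizer callback, using Python's `sqlite3.set_authorizer` (a wrapper around `sqlite3_set_authorizer`). The table name, the `try_sql` helper, the treatment of level 4 as unrestricted, and the grant of column reads to level 2 are assumptions of this sketch.

```python
import sqlite3

READ = {sqlite3.SQLITE_SELECT, sqlite3.SQLITE_READ}
WRITE = {sqlite3.SQLITE_INSERT, sqlite3.SQLITE_UPDATE}

# Levels as listed in the thread. Assumptions of this sketch: level 2 also
# gets SQLITE_READ so that UPDATE ... WHERE can evaluate its condition (it
# still lacks SQLITE_SELECT, so no SELECT statement or subquery compiles),
# and level 4 ("power user") is unrestricted.
LEVEL_ACTIONS = {
    0: frozenset(),
    1: frozenset(READ),
    2: frozenset(WRITE | {sqlite3.SQLITE_READ}),
    3: frozenset(READ | WRITE),
}

def make_authorizer(level):
    """Build an authorizer callback for one login level (deny by default)."""
    allowed = LEVEL_ACTIONS.get(level)

    def authorizer(action, arg1, arg2, dbname, source):
        if level == 4:
            return sqlite3.SQLITE_OK
        if allowed is not None and action in allowed:
            return sqlite3.SQLITE_OK
        # DELETE, DROP, PRAGMA, ATTACH, unknown levels: statement is rejected
        # when it is compiled, before any row is touched.
        return sqlite3.SQLITE_DENY

    return authorizer

def try_sql(level, sql):
    """Run sql at the given level against a constructed one-row table.

    Returns True if SQLite accepted the statement, False if it was denied.
    """
    # Autocommit mode, so Python issues no implicit BEGIN for the authorizer
    # to judge; the schema is created before the authorizer is installed.
    conn = sqlite3.connect(":memory:", isolation_level=None)
    conn.execute("CREATE TABLE readings (id INTEGER PRIMARY KEY, v TEXT)")
    conn.execute("INSERT INTO readings VALUES (1, 'a')")
    conn.set_authorizer(make_authorizer(level))
    try:
        conn.execute(sql)
        return True
    except sqlite3.DatabaseError:  # raised as "not authorized"
        return False
    finally:
        conn.close()
```

Because the decision is made per action code rather than by parsing the query text, adding a level that permits DELETE is a matter of adding `sqlite3.SQLITE_DELETE` to that level's set.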

