On 8/2/19, Gwendal Roué <gwendal.r...@gmail.com> wrote:
>
> Do you think this can still be seen as a misuse of the library?
>

Forcing a reprepare after an authorizer change is a security feature.
It helps to prevent people from adding an authorizer, but then
mistakenly using a statement that was prepared before the authorizer
was added, thinking that the authorizer prevented that statement from
leaking sensitive information or harming the database, when it does
not.

You have hacked around this security feature.  As long as you are
careful to never use a prepared statement that was created using a lax
authorizer, then you will be fine.  But if you mess up, and
accidentally use a prepared statement with an incorrect authorizer,
and that statement leaks information or allows unauthorized changes to
the database, then no tears.

-- 
D. Richard Hipp
d...@sqlite.org
_______________________________________________
sqlite-users mailing list
sqlite-users@mailinglists.sqlite.org
http://mailinglists.sqlite.org/cgi-bin/mailman/listinfo/sqlite-users
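
The behaviour described in the reply above, shown as an added example that is not part of the original message or of SQLite's own code. It uses Python's `sqlite3` module, which keeps compiled statements in a per-connection cache keyed by SQL text; the `accounts` table, the `deny_secret` callback, and the sample row are constructed for illustration.

```python
import sqlite3

SQL = "SELECT owner, secret FROM accounts"  # constructed sample query


def deny_secret(action, arg1, arg2, dbname, source):
    """Authorizer callback (hypothetical policy): refuse reads of accounts.secret."""
    if action == sqlite3.SQLITE_READ and arg1 == "accounts" and arg2 == "secret":
        return sqlite3.SQLITE_DENY
    return sqlite3.SQLITE_OK


def demo():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE accounts(owner TEXT, secret TEXT)")
    conn.execute("INSERT INTO accounts VALUES ('alice', 's3cr3t')")

    # 1. The statement is compiled and run while no authorizer is installed,
    #    so nothing vets it and the sensitive column is returned.
    before = conn.execute(SQL).fetchall()

    # 2. Installing an authorizer makes SQLite treat statements compiled
    #    earlier as stale, so they must be compiled again before running.
    conn.set_authorizer(deny_secret)

    # 3. Same SQL text as step 1. The statement compiled under the lax
    #    policy is not run as-is: compilation now goes through the
    #    authorizer, which denies the read of accounts.secret.
    try:
        after = conn.execute(SQL).fetchall()
    except sqlite3.Error as exc:
        after = f"refused: {exc}"

    # 4. A query that stays within the policy still works.
    allowed = conn.execute("SELECT owner FROM accounts").fetchall()
    conn.close()
    return before, after, allowed


if __name__ == "__main__":
    for label, value in zip(("before", "after", "allowed"), demo()):
        print(f"{label}: {value}")
```

If step 3 ever returned rows, a statement compiled before the policy existed would have bypassed it, which is the failure the forced reprepare is there to prevent.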
