> I am working on a language binding to SQLite, and I am trying to > figure out what features can safely be made available to untrusted > code. And I am trying to figure out if I can make > callbacks/handlers/authorizer safe for untrusted code, I suspect not. > So, is it safe to make normal SQLite API calls from inside a SQLite > callback/handler? Is it safe to setjmp/throw out of a callback/handler? > Basically is the state of the statement and database in a consistent > state when callbacks/handlers are called?
So, in my tests reentrancy seems to work, I can do various SQLite calls from inside a callback/handler. setjmp/throw out of a callback seems to work sometimes, but not always, sqlite3_exec() leaves un-finalized statements around if you do that. And it seems like that is asking for trouble in general, so I will definately disallow exceptions in callbacks in my language binding. William Bardwell [EMAIL PROTECTED] _______________________________________________ sqlite-users mailing list sqlite-users@sqlite.org http://sqlite.org:8080/cgi-bin/mailman/listinfo/sqlite-users
