On Mar 3, 2009, at 8:18 PM, Alex Ousherovitch wrote: > Hello list, > > > > I need to implement a security model where certain columns (e.g. named > super_secret_key) will be hidden. > > This needs to be enforced not only for the requested result columns > but > also for the columns referenced in the WHERE clause. > > Is there a relatively simple way to either get each column > referenced in > the WHERE clause or build a query that would check if the WHERE clause > (I could place it in a temporary table) contains the > super_secret_key as > a column name, but not as a value. >
http://www.sqlite.org/c3ref/set_authorizer.html This feature is used by systems such as http://www.cvstrac.org/ http://www.fossil-scm.org/ to prevent unauthorized users from enters hostile SQL, or from entering SQL that uses sensitive information such as the "password" column of the "user" table. D. Richard Hipp d...@hwaci.com _______________________________________________ sqlite-users mailing list sqlite-users@sqlite.org http://sqlite.org:8080/cgi-bin/mailman/listinfo/sqlite-users
