Unfortunately, for the SQLITE_SELECT action code (http://www.sqlite.org/c3ref/c_alter_table.html) the registered auth callback will not get the column information. It is only available for SQLITE_READ, which, I guess, is not what I need - I would like prepare statement to fail if there are "hidden columns" in the search criteria. Is this possible?
> http://www.sqlite.org/c3ref/set_authorizer.html > > This feature is used by systems such as > > http://www.cvstrac.org/ > http://www.fossil-scm.org/ > > to prevent unauthorized users from enters hostile SQL, or from > entering SQL that uses sensitive information such as the "password" > column of the "user" table. > > D. Richard Hipp > drh at hwaci.com <http://sqlite.org:8080/cgi-bin/mailman/listinfo/sqlite-users> _______________________________________________ sqlite-users mailing list sqlite-users@sqlite.org http://sqlite.org:8080/cgi-bin/mailman/listinfo/sqlite-users
