Thanks, Alexey!  I'll experiment with this.

On Sun, Mar 8, 2009 at 8:08 AM, Alexey Pechnikov <pechni...@mobigroup.ru> wrote:
> Hello!
>
>> I too am puzzled. Perhaps the app involves a web server accepting any
>> bunch of text from anybody who knows the URL and just running the text
>> as an SQL query -- i.e. read-only is perceived to be a last-ditch
>> (only?) defence against an SQL injection attack.
>
> There is an "authorizer" callback for access control. See the example below for
> how to deny some operations on any of the opened databases:
>
> sqlite3 db user.db
> db eval {ATTACH DATABASE 'work.db' as work}
> db authorizer authorizer
>
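> proc authorizer {args} {
>    # Callback arguments: action code, two detail arguments, database name, ...
>    set dbname [lindex $args 3]
>    set code   [lindex $args 0]
>    set action [lindex $args 1]
>
>    # Databases other than the attached 'work' are not restricted
>    if { $dbname ne {work}} {
>        return SQLITE_OK
>    }
>    # Only reads of 'work' are allowed (the `in` operator needs Tcl 8.5+)
>    if { $dbname eq {work} && $code in {SQLITE_READ SQLITE_SELECT} } {
>        return SQLITE_OK
>    }
>    # Everything else on 'work' is logged and refused
>    ns_log Error "DENY DATABASE AUTORIZER\t$args"
>    return SQLITE_DENY
> }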
>
>
> There were some problems with the authorizer in Tcl, but now all bugs are
> closed. With other languages you may test it yourself.
>
> Best regards.
> _______________________________________________
> sqlite-users mailing list
> sqlite-users@sqlite.org
> http://sqlite.org:8080/cgi-bin/mailman/listinfo/sqlite-users
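
The policy from the Tcl authorizer quoted above, written with Python's standard `sqlite3` module as an added example (not code from the thread). The `accounts` and `notes` tables, their rows, and the helper names `open_guarded` and `attempt` are constructed for illustration.

```python
import sqlite3

READ_ONLY_DB = "work"   # schema name given in ATTACH, as in the quoted post
ALLOWED = {sqlite3.SQLITE_READ, sqlite3.SQLITE_SELECT}
denied = []             # (action, arg1, arg2, dbname) for every refused call


def authorizer(action, arg1, arg2, dbname, source):
    """Invoked by SQLite while a statement is compiled, once per access."""
    if dbname != READ_ONLY_DB:
        # Other schemas are unrestricted. SQLITE_SELECT carries no database
        # name (dbname is None), so it also passes here.
        return sqlite3.SQLITE_OK
    if action in ALLOWED:
        return sqlite3.SQLITE_OK
    denied.append((action, arg1, arg2, dbname))
    return sqlite3.SQLITE_DENY      # the statement fails to prepare


def open_guarded():
    """Create constructed sample data, then install the authorizer."""
    db = sqlite3.connect(":memory:")
    db.execute("ATTACH DATABASE ':memory:' AS work")
    db.execute("CREATE TABLE work.accounts(name TEXT, balance INTEGER)")
    db.execute("CREATE TABLE main.notes(body TEXT)")
    db.executemany("INSERT INTO work.accounts VALUES (?, ?)",
                   [("alice", 10), ("bob", 20)])
    db.commit()
    db.set_authorizer(authorizer)   # from here on, 'work' is read-only
    return db


def attempt(db, sql):
    """Run one statement and report whether SQLite accepted it."""
    try:
        db.execute(sql).fetchall()
        return "ok"
    except sqlite3.DatabaseError:   # SQLITE_AUTH surfaces as DatabaseError
        return "denied"


if __name__ == "__main__":
    conn = open_guarded()
    for stmt in ("SELECT name FROM work.accounts",
                 "INSERT INTO work.accounts VALUES ('eve', 1)",
                 "DROP TABLE work.accounts",
                 "INSERT INTO main.notes SELECT name FROM work.accounts"):
        print(attempt(conn, stmt), "<-", stmt)
```

The last statement succeeds because it only reads from `work` and writes to `main`, which is the behaviour the quoted authorizer describes.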