One use of this I would like is to create a security framework around arbitrary SQL queries from the user. So, for example, I'd love to determine which tables (and which columns of those tables) a particular query is going to access, and then compare that list against a whitelist of columns the user is authorized to access. I'm not confident enough in my own parsing skills to make something foolproof, but if I were using the same exact parser as sqlite, then it would be impossible to "trick".
Any suggestions on how to use the private Lemon parser methods to accomplish this? Thanks! -david On Mon, Jan 18, 2016 at 7:17 AM, Domingo Alvarez Duarte < sqlite-mail at dev.dadbiz.es> wrote: > Is this something crazy to ask as a developer ? > > I think that even for the author something like this would make several > tasks > easier. > > Ideally I would like to feed the parser with an sql string, get it's syntax > tree, maybe do some rewrite and feed it execute it, this possibility can > open > the door to amazing things. > > > > Thanks for all answers so far, I still want to hear any other idea that can > lead to achieve the original request ! > > > > Cheers ! > > _______________________________________________ > sqlite-users mailing list > sqlite-users at mailinglists.sqlite.org > http://mailinglists.sqlite.org/cgi-bin/mailman/listinfo/sqlite-users >
