Christian Boos wrote:
> Christian Boos wrote:
>
>> Christopher Lenz wrote:
>>
>>> On 13.12.2007, at 11:37, Noah Kantrowitz wrote:
>>>
>>>> A possible security issue exists with pooled SQLite connection and the
>>>> ATTACH/DETACH statements.
>>>>
>
> As an afterthought: "with pooled SQLite connection" - maybe Noah had
> another vulnerability in mind.
> Anyway, this topic should have been discussed on trac-security.
>

I am not on that list as far as I know. The pooled part is because you can only run one statement in a given report, so this would require multiple coordinated reports. In my tests on Windows I wasn't actually able to accomplish this. Given the somewhat theoretical nature of this issue, I didn't think it necessary to go the secret route.

--Noah
