Many hyperlinks are disabled.
Use anonymous login
to enable hyperlinks.
About branch new-security-options
This branch strives to make it easier for applications to defend against attacks in which the attacker changes the schema of a database to include malicious SQL functions or virtual tables in trigger or views and then tricks the victim application into reading the database file and thereby running the malicious SQL as a consequence of doing an normal query.
See the design notes for details.
38 check-ins related to "new-security-options"
|
2020-01-09
| ||
| 20:44 | Merge in the untrusted-schema enhancements. See [/doc/87aea3ab1cdda453/doc/trusted-schema.md|doc/trusted-schema.md] for details. (check-in: 5720924cb0 user: drh tags: trunk) | |
| 16:28 | Fix a problem in the encoding display in the updated PRAGMA function_list. (Closed-Leaf check-in: 318ff7720b user: drh tags: new-security-options) | |
| 16:00 | Fix minor typos in the trusted-schema.md document. (check-in: 87aea3ab1c user: drh tags: new-security-options) | |
| 15:18 | Minor formatting changes in the trusted-schema.md document. (check-in: 55553b5e5e user: drh tags: new-security-options) | |
| 14:51 | Design notes for the new-security-options branch. (check-in: af7c1ed4f8 user: drh tags: new-security-options) | |
| 13:08 | Simplified error message for the unsafe use of a virtual table. (check-in: d662129a60 user: drh tags: new-security-options) | |
| 01:20 | Fix a problem that restricted edgy functions in TEMP tables. New test cases added. (check-in: 8878c40753 user: drh tags: new-security-options) | |
|
2020-01-08
| ||
| 22:22 | Block edgy functions used in DEFAULT constraints. (check-in: da434dc149 user: drh tags: new-security-options) | |
| 20:37 | Performance improvements and test cases added. Allow "PRAGMA trusted_schema=ON" (check-in: 30882ca80f user: drh tags: new-security-options) | |
| 17:28 | Check for whether or not it is safe to use non-innocuous functions as the function is being coded, not when its name is resolved. (check-in: 1da802d54b user: drh tags: new-security-options) | |
| 15:44 | Provide the -innocuous option to the "db func" method in the TCL interface. (check-in: 0138652b6c user: drh tags: new-security-options) | |
| 15:43 | Fix the rot13.c extension to be deterministic. Add the noop.c extension. (check-in: a679122ca8 user: drh tags: new-security-options) | |
| 14:39 | In the TreeView debugging output, show a "DDL" mark on SrcList and Expr nodes that derive from a non-TEMP schema. (check-in: fe7472fd2a user: drh tags: new-security-options) | |
| 13:08 | Merge recent changes from trunk. (check-in: 5962921fce user: drh tags: new-security-options) | |
| 12:17 | When doing a text-to-double conversion on a BLOB with an odd number of bytes and assuming a UTF16 encoding, ignore the last byte. Ticket [9eda2697f5cc1aba]. (check-in: 1c76f1d8ec user: drh tags: trunk) | |
|
2020-01-07
| ||
| 19:45 | Create the "trusted_schema" pragma. Add sqlite3_vtab_config() calls to set the risk rank for many virtual tables. (check-in: 4c21373c21 user: drh tags: new-security-options) | |
| 18:10 | Enforce SQLITE_VTABRISK restrictions. (check-in: 3d87ff312e user: drh tags: new-security-options) | |
| 16:09 | Invert the UNTRUSTED_SCHEMA setting to be TRUSTED_SCHEMA. (check-in: f5fcf1fbc6 user: drh tags: new-security-options) | |
| 15:44 | Merge recent fixes from trunk. (check-in: 5dfa33a09e user: drh tags: new-security-options) | |
| 13:32 | Add an "|| CORRUPT_DB" term to an assert() statement inside of btree. (check-in: 03c1d75ddc user: drh tags: trunk) | |
|
2020-01-06
| ||
| 19:30 | Merge enhancements from trunk. (check-in: 9c50f6c28a user: drh tags: new-security-options) | |
| 19:23 | Rewrite the (debugging use only) sqlite3VdbeMemPrettyPrint() function to use the safer StrAccum interface rather than writing directly into a static string buffer. Perhaps this will address ticket [bbd55a97e66ff50d], which we are unable to reproduce. (check-in: 69f6a7e42f user: drh tags: trunk) | |
| 15:25 | Refactor names of flags for improved legibility. (check-in: 411e8ec221 user: drh tags: new-security-options) | |
|
2020-01-04
| ||
| 20:58 | Refactor the names of the new controls for restricting what actions the schema can take behind the application's back. (check-in: 65d7d39a85 user: drh tags: new-security-options) | |
| 19:58 | Enhance PRAGMA function_list to show internal functions if the direct use of internal functions is enabled via the SQLITE_TESTCTRL_INTERNAL_FUNCTIONS test control. (check-in: 7a8d7ca726 user: drh tags: new-security-options) | |
| 19:19 | Merge all fixes and enhancements from trunk. (check-in: b878c30f03 user: drh tags: new-security-options) | |
| 19:14 | Fix DBSTAT so that it returns no rows, rather than an error when the WHERE clause is "schema=NULL". (check-in: 5b246b47ae user: drh tags: trunk) | |
| 15:37 | Merge the latest fixes from trunk. (check-in: 26ef709a47 user: drh tags: new-security-options) | |
| 15:21 | Fix a false-positive in the register validity tracking logic by moving the temporary register release call before the jump that uses that temporary register. (check-in: 9da48a5ca6 user: drh tags: trunk) | |
| 01:43 | Enhance PRAGMA function_list so that it shows all instances of each FuncDef, the number of arguments, the encoding, the type, and the flags. Use this capability to locate and fix incorrect function flags in the standard build. (check-in: 9ca906d24a user: drh tags: new-security-options) | |
|
2020-01-03
| ||
| 21:57 | Invert the SQLITE_FUNC_SAFE bit to be SQLITE_FUNC_UNSAFE. The external bit is still SQLITE_INNOCUOUS. It gets inverted as the appdef function is registered. (check-in: 1c266cb3be user: drh tags: new-security-options) | |
| 20:57 | When UNSAFE_IN_VIEW is disabled, only allow functions in views that are tagged with SQLITE_INNOCUOUS. (check-in: 9ee79b254e user: drh tags: new-security-options) | |
| 15:22 | Merge fixes from trunk. (check-in: 002406df22 user: drh tags: new-security-options) | |
| 14:34 | Remove an over-zealous ALWAYS() macro and add a test case that shows that the conditional can sometimes be false. (check-in: 536e9a9d1b user: drh tags: trunk) | |
|
2020-01-02
| ||
| 23:50 | Merge enhancements from trunk. (check-in: 091403a670 user: drh tags: new-security-options) | |
| 22:28 | Add the two-size lookaside memory allocator. Also, reduce the per-entry size of the ExprList object. (check-in: 51665bf0f9 user: drh tags: trunk) | |
|
2019-12-31
| ||
| 22:52 | Experimental branch with new sqlite3_db_config() options that could possible enhance security for applications reading potentially compromised database files. (check-in: 96a2db2612 user: drh tags: new-security-options) | |
| 18:39 | Also set the SQLITE_DIRECTONLY flag on the load_extension() function. (check-in: 3bd095a531 user: drh tags: trunk) | |