Index: src/alter.c
==================================================================
--- src/alter.c
+++ src/alter.c
@@ -643,10 +643,17 @@
 
   /* Which schema holds the table to be altered */  
   iSchema = sqlite3SchemaToIndex(db, pTab->pSchema);
   assert( iSchema>=0 );
   zDb = db->aDb[iSchema].zDbSName;
+
+#ifndef SQLITE_OMIT_AUTHORIZATION
+  /* Invoke the authorization callback. */
+  if( sqlite3AuthCheck(pParse, SQLITE_ALTER_TABLE, zDb, pTab->zName, 0) ){
+    goto exit_rename_column;
+  }
+#endif
 
   /* Make sure the old name really is a column name in the table to be
   ** altered.  Set iCol to be the index of the column being renamed */
   zOld = sqlite3NameFromToken(db, pOld);
   if( !zOld ) goto exit_rename_column;

Index: test/altercol.test
==================================================================
--- test/altercol.test
+++ test/altercol.test
@@ -244,10 +244,12 @@
 } {}
 
 #-------------------------------------------------------------------------
 # Triggers.
 #
+db close
+db2 close
 reset_db
 do_execsql_test 7.0 {
   CREATE TABLE c(x);
   INSERT INTO c VALUES(0);
   CREATE TABLE t6("col a", "col b", "col c");

Index: test/auth.test
==================================================================
--- test/auth.test
+++ test/auth.test
@@ -2130,10 +2130,79 @@
     WITH RECURSIVE
        auth1314(x) AS (VALUES(1) UNION ALL SELECT x+1 FROM auth1314 WHERE x<5)
     SELECT * FROM t1 LEFT JOIN auth1314;
   } {1 {not authorized}}
 } ;# ifcapable cte
+
+#
+# db eval {SELECT sql FROM temp.sqlite_master} {puts "TEMP: $sql;"}
+# db eval {SELECT sql FROM main.sqlite_master} {puts "MAIN: $sql;"}
+#
+#    MAIN: CREATE TABLE "t2"(a,b,c);
+#    MAIN: CREATE TABLE t4(a,b,c);
+#    MAIN: CREATE INDEX t4i1 ON t4(a);
+#    MAIN: CREATE INDEX t4i2 ON t4(b,a,c);
+#    MAIN: CREATE TABLE sqlite_stat1(tbl,idx,stat);
+#    MAIN: CREATE TABLE t1(a,b);
+#
+ifcapable altertable {
+  do_test 1.350 {
+    proc auth {code arg1 arg2 arg3 arg4 args} {
+      if {$code=="SQLITE_ALTER_TABLE"} {
+        set ::authargs [list $arg1 $arg2 $arg3 $arg4]
+        return SQLITE_OK
+      }
+      return SQLITE_OK
+    }
+    catchsql {
+      ALTER TABLE t1 RENAME COLUMN b TO bcdefg;
+    }
+  } {0 {}}
+  do_execsql_test auth-1.351 {
+    SELECT name FROM pragma_table_info('t1') ORDER BY cid;
+  } {a bcdefg}
+  do_test auth-1.352 {
+    set authargs
+  } {main t1 {} {}}
+  do_test 1.353 {
+    proc auth {code arg1 arg2 arg3 arg4 args} {
+      if {$code=="SQLITE_ALTER_TABLE"} {
+        set ::authargs [list $arg1 $arg2 $arg3 $arg4]
+        return SQLITE_IGNORE
+      }
+      return SQLITE_OK
+    }
+    catchsql {
+      ALTER TABLE t1 RENAME COLUMN bcdefg TO b;
+    }
+  } {0 {}}
+  do_execsql_test auth-1.354 {
+    SELECT name FROM pragma_table_info('t1') ORDER BY cid;
+  } {a bcdefg}
+  do_test auth-1.355 {
+    set authargs
+  } {main t1 {} {}}
+  do_test 1.356 {
+    proc auth {code arg1 arg2 arg3 arg4 args} {
+      if {$code=="SQLITE_ALTER_TABLE"} {
+        set ::authargs [list $arg1 $arg2 $arg3 $arg4]
+        return SQLITE_DENY
+      }
+      return SQLITE_OK
+    }
+    catchsql {
+      ALTER TABLE t1 RENAME COLUMN bcdefg TO b;
+    }
+  } {1 {not authorized}}
+  do_execsql_test auth-1.356 {
+    SELECT name FROM pragma_table_info('t1') ORDER BY cid;
+  } {a bcdefg}
+  do_test auth-1.357 {
+    set authargs
+  } {main t1 {} {}}
+}
+
 
 do_test auth-2.1 {
   proc auth {code arg1 arg2 arg3 arg4 args} {
     if {$code=="SQLITE_READ" && $arg1=="t3" && $arg2=="x"} {
       return SQLITE_DENY