Many hyperlinks are disabled.
Use anonymous login
to enable hyperlinks.
Overview
| Comment: | Add a news entry. Fix the release date. Fix typos. |
|---|---|
| Timelines: | family | ancestors | descendants | both | trunk |
| Files: | files | file ages | folders |
| SHA3-256: |
9759ba80533be98036ed444d3e7106ca |
| User & Date: | drh 2017-07-26 17:25:38 |
Context
|
2017-07-27
| ||
| 18:20 | Update documentation for the destructor parameters on the pointer passing interfaces. check-in: dd480b4420 user: drh tags: trunk | |
|
2017-07-26
| ||
| 17:25 | Add a news entry. Fix the release date. Fix typos. check-in: 9759ba8053 user: drh tags: trunk | |
| 15:06 | Update test metrics on the testing.html page. check-in: 6fc727b510 user: drh tags: trunk | |
Changes
Changes to pages/bindptr.in.
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
...
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
|
communicate non-SQL values between subcomponents or between the extension and the application. Some examples: <ul> <li><p> In the [FTS3] extension, the [FTS MATCH|MATCH operator] (which does the full-text search) needs to communicate details of matching entrys to the [snippet()], [offsets()], and [matchinfo()] functions so that those functions can convert the details of the match into useful output. <li><p> In order for an application to [Extending FTS5|add new extensions to FTS5], such as new tokenizers, the application needs a pointer to the "fts5_api" object. ................................................................................ a hostile agent is able to inject arbitrary SQL text into the application, then that agent is already in full control of the application, so letting the hostile agent forge a pointer does not give the agent any new capability. <p> For most cases, it is true that potential attackers have no way of injecting arbitrary SQL, and so most uses of SQLite are immute to the attack above. But there are some notable exceptions. To wit: <ul> <li><p> The [https://en.wikipedia.org/wiki/Web_SQL_Database|WebSQL] interface to webkit allowed any webpage to to run arbitrary SQL in the browser for Chrome and Safari. That arbitrary SQL was supposed to be run inside |
|
>
|
|
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
...
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
|
communicate non-SQL values between subcomponents or between the extension and the application. Some examples: <ul> <li><p> In the [FTS3] extension, the [FTS MATCH|MATCH operator] (which does the full-text search) needs to communicate details of matching entries to the [snippet()], [offsets()], and [matchinfo()] functions so that those functions can convert the details of the match into useful output. <li><p> In order for an application to [Extending FTS5|add new extensions to FTS5], such as new tokenizers, the application needs a pointer to the "fts5_api" object. ................................................................................ a hostile agent is able to inject arbitrary SQL text into the application, then that agent is already in full control of the application, so letting the hostile agent forge a pointer does not give the agent any new capability. <p> For most cases, it is true that potential attackers have no way of injecting arbitrary SQL, and so most uses of SQLite are immune to the attack above. But there are some notable exceptions. To wit: <ul> <li><p> The [https://en.wikipedia.org/wiki/Web_SQL_Database|WebSQL] interface to webkit allowed any webpage to to run arbitrary SQL in the browser for Chrome and Safari. That arbitrary SQL was supposed to be run inside |
Changes to pages/changes.in.
17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 |
proc chng {date desc {options {}}} {
global nChng aChng xrefChng
set aChng($nChng) [list $date $desc $options]
set xrefChng($date) $nChng
incr nChng
}
chng {2017-08-01 (3.20.0)} {
<li> Update the text of error messages returned by [sqlite3_errmsg()] for some
error codes.
<li> Add new [pointer passing interfaces].
<li> Backwards-incompatible changes to some extensions in order to take
advantage of the improved security offered by the new
[pointer passing interfaces]:
<ul>
|
| |
17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 |
proc chng {date desc {options {}}} {
global nChng aChng xrefChng
set aChng($nChng) [list $date $desc $options]
set xrefChng($date) $nChng
incr nChng
}
chng {2017-07-26 (3.20.0)} {
<li> Update the text of error messages returned by [sqlite3_errmsg()] for some
error codes.
<li> Add new [pointer passing interfaces].
<li> Backwards-incompatible changes to some extensions in order to take
advantage of the improved security offered by the new
[pointer passing interfaces]:
<ul>
|
Changes to pages/news.in.
14 15 16 17 18 19 20 21 22 23 24 25 26 27 |
hd_puts "<h3>$date - $title</h3>"
regsub -all "\n( *\n)+" $text "</p>\n\n<p>" txt
regsub -all {[Tt]icket #(\d+)} $txt \
{<a href="http://www.sqlite.org/cvstrac/tktview?tn=\1">\0</a>} txt
hd_resolve "<blockquote>$txt</blockquote>"
hd_puts "<hr width=\"50%\">"
}
newsitem {2017-06-17} {Release 3.18.2} {
SQLite [version 3.18.2] is another backport of a bug fix found
in SQLite [version 3.19.0], specifically the fix for
ticket [https://sqlite.org/src/info/61fe9745|61fe9745]. Changes
against [version 3.18.0] are minimal.
}
|
> > > > > > > > > > > > > > > |
14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 |
hd_puts "<h3>$date - $title</h3>"
regsub -all "\n( *\n)+" $text "</p>\n\n<p>" txt
regsub -all {[Tt]icket #(\d+)} $txt \
{<a href="http://www.sqlite.org/cvstrac/tktview?tn=\1">\0</a>} txt
hd_resolve "<blockquote>$txt</blockquote>"
hd_puts "<hr width=\"50%\">"
}
newsitem {2017-07-26} {Release 3.20.0} {
SQLite [version 3.20.0] is a regularly secheduled maintenance release
of SQLite.
<p>
This release contains many minor enhancements, including:
<ul>
<li> Several new extensions
<li> Enhancements to the "sqlite3.exe" command-line shell
<li> Query planner enhancements
<li> Miscellaneous code optimizations for improved performance
</ul>
<p>
See the [version 3.20.0|release notes] for more information.
}
newsitem {2017-06-17} {Release 3.18.2} {
SQLite [version 3.18.2] is another backport of a bug fix found
in SQLite [version 3.19.0], specifically the fix for
ticket [https://sqlite.org/src/info/61fe9745|61fe9745]. Changes
against [version 3.18.0] are minimal.
}
|
Changes to pages/whyc.in.
77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 |
</tr> </table> </center> <p> In a more complete build, SQLite also uses library routines like malloc() and free() and operating system interfaces for opening, reading, writing, and closing files. But even then, the number of dependences is very small. Other "modern" language, in contrast, often require multi-megabyte runtimes loaded with thousands and thousands of interfaces. <h2>Stability</h2> <p> The C language is old and boring. It is a well-known and well-understood language. This is exactly what one wants when developing a module like SQLite. Writing a small, fast, and reliable database engine is hard enough as it is without the implementation language changing out from under you with each update to the implementation language specification. |
| |
77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 |
</tr>
</table>
</center>
<p>
In a more complete build, SQLite also uses library routines like
malloc() and free() and operating system interfaces for opening, reading,
writing, and closing files. But even then, the number of dependencies
is very small. Other "modern" language, in contrast, often require
multi-megabyte runtimes loaded with thousands and thousands of interfaces.
<h2>Stability</h2>
<p>
The C language is old and boring.
It is a well-known and well-understood language.
This is exactly what one wants when developing a module like SQLite.
Writing a small, fast, and reliable database engine is hard enough as it
is without the implementation language changing out from under you with
each update to the implementation language specification.
|