Artifact 6a7ce66641dbcab2a81388da4f7a720a1c52061073f39ca9633077053dad4dee:
- File pages/security.in — part of check-in [7b6b7a791b] at 2018-11-12 15:24:40 on branch trunk — Enhancements to the documentation regarding security and shadow tables. (user: drh size: 1953)
<title>Resistance To Attack</title> <tcl>hd_keywords security {attack resistance}</tcl> <fancy_format> <h1>SQLite Always Validates Its Inputs</h1> <p> SQLite should never crash, overflow a buffer, leak memory, or exhibit any other harmful behavior, even with presented with maliciously malformed SQL inputs or database files. SQLite should always detected erroneous inputs and raise an error, not crash or corrupt memory. Any malfunction caused by an SQL input or database file is considered a serious bug and will be promptly addressed when brought to the attention of the SQLite developers. SQLite is extensively fuzz-tested to help ensure that it is highly resistant to these kinds of errors. <p> Nevertheless, bugs happen. If you are writing an application that sends untrusted SQL inputs or database files to SQLite, there are additional steps you can take to help prevent zero-day exploits caused by undetected bugs: <h2>Untrusted SQL Inputs</h2> <p> Applications that accept untrusted SQL inputs should take the following precautions: <ol> <li><p> Set the [SQLITE_DBCONFIG_DEFENSIVE] flag. This prevents ordinary SQL statements from corrupted the database file. <li><p> Consider using the [sqlite3_set_authorizer()] interface to limit the scope of SQL that will be processed. </ol> <h2>Untrusted SQLite Database Files</h2> <p>Applications that accept untrusted database files should do the following: <ol> <li value="3"><p> Run [PRAGMA integrity_check] or [PRAGMA quick_check] on the database first, prior to running any other SQLite, and reject the file if any errors are detected. <li><p> Enable the [PRAGMA cell_size_check=ON] setting. </ol> <h1>Summary</h1> <p> The precautions above are not required in order to use SQLite safely with potentially hostile inputs. However, they do provide an extra layer of defense against zero-day exploits and are encouraged for applications that pass data from untrusted sources into SQLite.