Newsgroups: php.internals Path: news.php.net Xref: news.php.net php.internals:120717 Return-Path: Delivered-To: mailing list internals@lists.php.net Received: (qmail 42618 invoked from network); 29 Jun 2023 10:39:54 -0000 Received: from unknown (HELO php-smtp4.php.net) (45.112.84.5) by pb1.pair.com with SMTP; 29 Jun 2023 10:39:54 -0000 Received: from php-smtp4.php.net (localhost [127.0.0.1]) by php-smtp4.php.net (Postfix) with ESMTP id 9FE101804BE for ; Thu, 29 Jun 2023 03:39:53 -0700 (PDT) X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on php-smtp4.php.net X-Spam-Level: X-Spam-Status: No, score=0.2 required=5.0 tests=BAYES_20,DKIM_INVALID, DKIM_SIGNED,SPF_HELO_NONE,SPF_PASS,T_SCC_BODY_TEXT_LINE autolearn=no autolearn_force=no version=3.4.2 X-Spam-ASN: AS16276 91.121.0.0/16 X-Spam-Virus: No X-Envelope-From: Received: from mail.kd2.org (citrouille.kd2.org [91.121.181.110]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange ECDHE (P-256) server-signature ECDSA (P-256) server-digest SHA256) (No client certificate requested) by php-smtp4.php.net (Postfix) with ESMTPS for ; Thu, 29 Jun 2023 03:39:53 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=bohwaz.net; s=mail; h=Content-Transfer-Encoding:Content-Type:MIME-Version:References: In-Reply-To:Message-ID:Subject:To:From:Date:Sender:Reply-To:Cc:Content-ID: Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc :Resent-Message-ID:List-Id:List-Help:List-Unsubscribe:List-Subscribe: List-Post:List-Owner:List-Archive; bh=3UnFSrcWoV8+QycgFeDP9MDKkfowUsNn9Z9xRjBtUlA=; b=BRZltJecknmBq33K6u0CODBscY LMeqLY66Ct7Lfajks5lb7WaNsvgdF0vFeRCB4D+IArI7IFckEz85ZvmZd/faCBlZiT5/DGHRVmSRK T+W2XkAh10b3QDRiPbaDouFq9NJSd7FLXK1eLxoYzy28Uw8EX1jqp3T6sG1yMK53AVN8=; Received: from 16.199.23.93.rev.sfr.net ([93.23.199.16] helo=platypus) by mail.kd2.org with esmtpsa (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from ) id 1qEp43-00AyCX-5C for internals@lists.php.net; Thu, 29 Jun 2023 12:39:51 +0200 Date: Thu, 29 Jun 2023 12:39:44 +0200 To: internals@lists.php.net Message-ID: <20230629123944.35fc71a7@platypus> In-Reply-To: References: X-Mailer: Claws Mail 3.17.8 (GTK+ 2.24.33; x86_64-pc-linux-gnu) X-Face: #"dGtXaYpS9,C:d{FJZ<@4|;AL[R;I`|\;HN}zkw(rmBsu$)Dhed/z8e%U@Ra@JQ;,Nx?Xopxa+:gb?}efqG\/7TnBPHBRjU^g}$;rL4"jYrE#M^%*(?;Qb{HHbOf"q}bnOjU.'SEL:||\2*swZ>NN9pe(pnejy{ijk9%/8 As that means that SQLite extensions can only be loaded through C code > (not through SQL), and if someone can upload and execute code to your > server, your server is compromised anyway, having to edit ini files to > enable extension loading, seems like a bad tradeoff. I'm sorry to disagree, but changing this would be a bad idea for security. Imagine this scenario: - user can execute SQL statements (that's the case in my app: users can execute read-only statements, this is by design) - user can upload files I'm quite sure that I never want users to be able to load any extension through SQL, or it would mean trouble :( Also, we have recently see malicious extensions able to escape SQLite3 and gain shell access... Sounds bad. So just like in the SQLite3 extension, extension loading should be limited to using the PHP method, not SQL. And we should be able to restrict which extensions can be loaded, at the server level (PHP_INI_SYSTEM), as in mass hosting we don't want hosted sites to be able to load any extension. For other points of the RFC: - forcing to UTF8 is OK for me, I don't think anyone ever requested being able to do something different over the years for the SQLite3 extension. - it would be great to also have ::setAuthorizer in PDOSQLite :) - same for ::backup :) - not sure what would be the best for asserting if a statement is read-only, to get the same as SQLite3Stmt::readOnly(), maybe something like: PDOStatement::getAttribute(PDOSQLite::READ_ONLY_STATEMENT) ? Thanks for your work and time! It's great to finally see some progress on PDO and custom driver features :)