Newsgroups: php.internals
Date: Thu, 14 Aug 2003 09:32:56 +0200 (CEST)
From: derick@php.net (Derick Rethans)
To: moshe doron
cc: internals@lists.php.net
In-Reply-To: <20030814072704.49157.qmail@pb1.pair.com>
References: <200308071447.03285.ilia@prohost.org> <20030814072704.49157.qmail@pb1.pair.com>
Subject: Re: [PHP-DEV] Re: PHP 4.3.3RC3 Released

On Thu, 14 Aug 2003, moshe doron wrote:

> What about somehow hacking the sqlite library to disallow chained queries
> (or at least do it optionally)?
>
> This behavior is a *huge* security hole; it allows a cracker to drop your
> database using a simple select where query.

How is this a security hole?

regards,
Derick

-- 
"Interpreting what the GPL actually means is a job best left to those
that read the future by examining animal entrails."
-------------------------------------------------------------------------
Derick Rethans                                   http://derickrethans.nl/
International PHP Magazine                           http://php-mag.net/
-------------------------------------------------------------------------