HackerTrans
TopNewTrendsCommentsPastAskShowJobs

coleifer

no profile record

comments

coleifer
·7 năm trước·discuss
Lennart, we know it's you.
coleifer
·8 năm trước·discuss
Not sure why this is being downvoted, but you're correct. Now, a networked application that exposes some level of access to sqlite? That's another story. The question I think we all are asking is just how much "leg" does sqlite have to show to be vulnerable?
coleifer
·8 năm trước·discuss
My guess, for what it's worth, is that chromium is vulnerable because it exposes sqlite to web applications, which can then execute queries in such a way as to achieve code execution.

I highly doubt this would affect, say, a blog running with a sqlite database. From the alarmist nature of this post, though, it's unclear.

I see chromium, in their patch, switched to using new flags when opening the DB. There are also some sqlite changes that seem to prevent meddling with virtual table shadow tables (eg inverted index for the fts3 extension).

The question I think everyone is asking is how much sqlite needs to be exposed by an application in order to be vulnerable?

Just my thoughts. Eager to learn more.
coleifer
·8 năm trước·discuss
Yeah, it has quite a bit of marketing juju going on, which flies in the face of the "just for fun" disclaimer. If its just for fun, why push it so hard? The testimonials is especially cringe.

Its not just another web framework, its another plea for approval.