bug for user auth

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|

bug for user auth

XIAO DAI
Hello,


I have compiled SQLite v3.15.2 with the functions "sqlite3_user_authenticate, it runs well, for all the versions > 3.15.2, I can add the logins into the database, but sqlite(shell.c) does NOT ask for the authentication.


Sorry for my poor english


sincerely



Xiao DAI

Ingénieur BE

01 49 62 27 83

[hidden email]<mailto:[hidden email]>

 16, rue Lavoisier - ZI - 94430 Chennevières/Marne - France


[http://www.noralsy.com/wp-content/uploads/2015/08/sign.jpg]<http://www.noralsy.com>
________________________________
Venez assister aux séminaires de formation Noralsy : inscription sur http://www.noralsy.com/formations/

________________________________
Ce courriel et les documents qui lui sont joints peuvent contenir des informations confidentielles ou ayant un caractère privé. S'ils ne vous sont pas destinés, nous vous signalons qu'il est strictement interdit de les divulguer, de les reproduire ou d'en utiliser de quelque manière que ce soit le contenu. Si ce message vous a été transmis par erreur, merci d'en informer l'expéditeur et de supprimer immédiatement de votre système informatique ce courriel ainsi que tous les documents qui y sont attachés.

_______________________________________________
sqlite-users mailing list
[hidden email]
http://mailinglists.sqlite.org/cgi-bin/mailman/listinfo/sqlite-users
Reply | Threaded
Open this post in threaded view
|

Re: bug for user auth

Dominique Devienne
2017-05-03 10:56 GMT+02:00 XIAO DAI <[hidden email]>:

> I have compiled SQLite v3.15.2 with the functions
> "sqlite3_user_authenticate, it runs well, for all the versions > 3.15.2, I
> can add the logins into the database, but sqlite(shell.c) does NOT ask for
> the authentication.
>

From https://www.sqlite.org/src/artifact/e6641021a9210364

Probably because the shell you're using is not compiled with the
-DSQLITE_USER_AUTHENTICATION compile-time option.

The User-Auth extension is based on the presence of the sqlite_user table,
which is somewhat "protected" simply by using the reversed sqlite_ prefix,
unless using "PRAGMA writable_schema=ON", as the doc above mentions.

So basically any normal SQLite app can bypass the user-auth, unless the DB
is also encrypted. --DD
_______________________________________________
sqlite-users mailing list
[hidden email]
http://mailinglists.sqlite.org/cgi-bin/mailman/listinfo/sqlite-users