Question about parameterized statements

[Yannick G]

Hey,

I have a question about SQL injections prevention.

What happens when the data API receives an execute statement with parametrized requests : which SQLite functions are called, sqlite3_prepare() and / or sqlite_escape_string() ? How fields are mapped from json text content to database fields ?

TY

 

[Philip O'Toole]

I do not know without digging into the source, there are a couple of layers between what I wrote and SQLite. However it is handled correctly, I assure you. I have a unit test that checks that injection is prevented with parameterized queries.

Is there a particular concern you have? Perhaps it would be easier to demonstrate that parameterized queries address injection concerns.

Philip

--
You received this message because you are subscribed to the Google Groups "rqlite" group.
To unsubscribe from this group and stop receiving emails from it, send an email to rqlite+un...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/rqlite/d3db2c94-7f28-4463-8e34-cf4e7e839ac6n%40googlegroups.com.

[Yannick G]

I'm ticking the boxes before giving a try to prod and I have some dummy questions, but only one I think I should ask you with my use case. I need to have a copy of the db pushed to a client api server every x hours and the db should be 5-20 Go don't know exactly for now.

What is the more convenient way to have this copy : I launch a read-only node and copy the file or should I make a dump and move the dump ? The dump provided by rqlite is a rqlite file or a regular sqlite db ? Is there any size problems with > 20 Go and rqlite ?

best regards

To view this discussion on the web visit https://groups.google.com/d/msgid/rqlite/CAEajhJPGDp48i3DdgOQkBSumhf53uwCm%3DZ7A7W6bWkS_AriCjQ%40mail.gmail.com.

[Philip O'Toole]

Those are large files, I haven't done testing at that size. There are no limits in the code, so it should work in principle, but depends on your hardware, memory, and network. I suggest you try it.

Copying the file directly can result in errors, create a backup which generates a consistent database file, and copy that.

https://github.com/rqlite/rqlite/blob/master/DOC/BACKUPS.md

To view this discussion on the web visit https://groups.google.com/d/msgid/rqlite/CA%2BT3qxV77dQ59Rq-40OX65W0mA1a9--oy%3D2KoPOBX7SWVvqA1Q%40mail.gmail.com.