thanks a lot for signaling this interesting new feature of SQLite;
I've completely missed to notice it.
just for precision: it was introduced by version 3.31.0 released
few considerations: by declaring the SQLITE_DIRECTONLY flag all
security-sensible SQL functions will be forbidden to be called
in the context of TRIGGERs and VIEWs, or in CHECK and DEFAULT clauses.
this seems to be a robust security check ensuring against many
possible malicious attacks, but it seems to me that it's not enough
to completely prevent an insidious threat.
what will happen if a third party SQL script will exploit such
dangerous SQL functions in order to steal sensitive data ?
simply declaring SQLITE_DIRECTONLY will not offer any protection
in such a scenario.
I'm inclined to thiks that declaring SQLITE_DIRECTONLY whenever
is possible surely is a good thing, but I'm not really sure that
it could be a reasonable full replacemente for
SPATIALITE_SECURITY_RELAXED that has a deeper and broader approach.