Running ImportSHP programatically

[ckgoo...@gmail.com]

Hi, in my C++ application I use the SQLIte3 API to do things with my Spatialite database.

I want to execute “SELECT ImportSHP(…” but  I can’t make the SPATIALITE_SECURITY  env variable set to ‘relaxed’ to stick.

I therefor get an error when I execute the SQL that the ImportSHP function does not exist.

How do I get this env variable recognized by Spatialite when it is instantiated through the SQLite3 API?

Best, Chris

[a.fu...@lqt.it]

Hi Chris,
let's do a quick review.

Usually all DBMS carefully avoid allowing I/O operations directly
on ordinary files belognging to the File System, because they could
represent a very serious risk for computer security.
All the more so considering that the least experienced users
difficultly expect SQL operations to be able to read or write
files external to the DBMS itself.

A malicious hacker could easily exploit this vulnerability to
steal sensitive data or install viruses, trojans and other
malware without the user's knowledge.
This is precisely why the external environmente variable
SPATIALITE_SECURITY=relaxed exists.
To activate any potentially dangerous SQL function, the
user must give explicit prior consent by setting a relaxed
security, thus assuming all potential risks involved.

--------------------------------

How external environment variables work; they exist on both
Unix/Linux and Windows, but of course they work slightly
differently.

from the Unix/Linux shell:
==========================
export "SPATIALITE_SECURITY=relaxed"
(this is to create and set the variable)
echo $SPATIALITE_SECURITY
(this is to check the current setting)

from the Windows CMD.EXE
========================
set SPATIALITE_SECURITY=relaxed
(this is to create and set the variable)
echo %SPATIALITE_SECURITY%
(this is to check the current setting)

On both Linux and Windows, once an environment variable
is set, it remains valid for the entire lifespan of the
current command shell.
When the shell ends, it will obviously be lost.

If you want, you can permanently register an environment
variable so that it remains defined even after a reboot;
but this is still an action that the user must perform
(and it's also quite a pain).

--------------------------------

The alternative: adopt a C/C++ solution:

The standard library <stdlib.h> supports two APIs for
directly manipulating the current process's environment
variables:

- getenv()
- putenv()

please check the appropriate documentation.

Note: again, on Windows these APIs are slightly different;
please check carefully.

If you're looking for a concrete example of how
SPATIALITE_SECURITY is handled internally by SpatiaLite
tests, take a look at the test/check_zipshp.c source.
(works on both Linux and Windows)

best regards.
Sandro