edgar soldin wrote: 

> just assumed because of
> https://sourceforge.net/p/jump-pilot/code/HEAD/tree/core/trunk/src/com/vividsolutions/jump/datastore/spatialite/SpatialiteDataStoreDriver.java#l69
> "new SQLiteConfig().enableLoadExtension(true);"
> but obviously this just autoloads the sqlite native libs.

SQLite has two steps for increasing security:
- If SQLite is compiled with SQLITE_OMIT_LOAD_EXTENSION it will be impossible to load extensions
- If the use of LOAD_EXTENSION is allowed, "enableLoadExtension()" must still be called first
- Only after that is it possible to load an extension. There are a couple of ways to do that, including SELECT load_extension(). The setting is off by default. Notice that the end user can also enter SQL with "SELECT load_extension()".

Enabling load_extension is only on or off, and when OpenJUMP enables
loading mod_spatialite it allows loading any other extension to the same
connection as well. It is hard to see that as a security risk for OpenJUMP.

http://www.sqlite.org/loadext.html
http://www.sqlite.org/c3ref/enable_load_extension.html


-Jukka Rahkonen-
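
Added example, not part of the original message and not OpenJUMP code: it shows the on/off gate described above from the point of view of user-entered SQL, using Python's sqlite3 module rather than the sqlite-jdbc API. The helper names and the extension path are constructed for illustration, and the authorizer callback is one way to keep the SQL function load_extension() refused on a connection where loading has been switched on.

```python
import sqlite3

# Constructed path: no such file exists, so nothing is ever actually loaded.
FAKE_EXT = "./constructed_no_such_extension"

def user_sql_load(conn):
    """Run the SQL an end user could type; return 'loaded' or the error text."""
    try:
        conn.execute("SELECT load_extension(?)", (FAKE_EXT,))
        return "loaded"
    except sqlite3.Error as exc:
        return str(exc)

def deny_sql_load_extension(action, arg1, arg2, dbname, source):
    """Authorizer: refuse the SQL function load_extension(), allow the rest."""
    if action == sqlite3.SQLITE_FUNCTION and (arg2 or "").lower() == "load_extension":
        return sqlite3.SQLITE_DENY
    return sqlite3.SQLITE_OK

def open_conn(enable=False, authorizer=False):
    """Open an in-memory database with the requested (hypothetical) policy."""
    conn = sqlite3.connect(":memory:")
    # Some Python builds omit enable_load_extension(); skip the call there.
    if enable and hasattr(conn, "enable_load_extension"):
        conn.enable_load_extension(True)
    if authorizer:
        conn.set_authorizer(deny_sql_load_extension)
    return conn

def demo():
    """Outcome of SELECT load_extension() under each policy."""
    return {
        "default": user_sql_load(open_conn()),
        "enabled": user_sql_load(open_conn(enable=True)),
        "enabled+authorizer": user_sql_load(open_conn(enable=True, authorizer=True)),
    }

if __name__ == "__main__":
    for case, outcome in demo().items():
        print(f"{case:20} -> {outcome}")
```

In the "enabled" case the error comes from the operating system's library loader rather than from SQLite's gate, which shows that the SQL function reached the loader once the setting was on.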
