-
-
Notifications
You must be signed in to change notification settings - Fork 394
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Enable load_extension() function? #1065
Comments
better-sqlite3/src/objects/database.lzz Lines 370 to 390 in ae23e69
better-sqlite3/src/objects/database.lzz Line 180 in ae23e69
I'm confused what you actually want, maybe you can give a code example of the new API that you are suggesting? What exactly are you missing that you cannot do right now? |
Hi @Prinzhorn thanks for the reply! What I meant was I'd like to allow our users to load any extension (at any time) by calling the SQL function from within a sql query, e.g.: SELECT load_extension('./re.so'); currently, issuing a sql query that calls this function results in the error: - SqliteError: not authorized To allow the use the load_extension() inside a SQL command the docs linked above say you have to:
so apparently |
Oh, thanks for clarifying, I didn't pay enough attention. Makes sense that you could optionally enable that for a |
Hi!
I am loading sqlite extensions at connection time using the db.loadExtension() API but would rather use the SQL load_extension() function to load them at runtime.
As the SQLite docs above say say, allowing users to call this function in SQL is disabled by default, as it opens up a potential SQL injection vulnerability. Is there a way to call this sqlite C-API function below to re-enable it for use through
better-sqlite3
?https://www.sqlite.org/c3ref/enable_load_extension.html
Thanks in advance!
The text was updated successfully, but these errors were encountered: