diff options
Diffstat (limited to 'www/c3ref/set_authorizer.html')
-rw-r--r-- | www/c3ref/set_authorizer.html | 218 |
1 files changed, 218 insertions, 0 deletions
diff --git a/www/c3ref/set_authorizer.html b/www/c3ref/set_authorizer.html new file mode 100644 index 0000000..31d9c2c --- /dev/null +++ b/www/c3ref/set_authorizer.html @@ -0,0 +1,218 @@ +<!DOCTYPE html> +<html><head> +<meta name="viewport" content="width=device-width, initial-scale=1.0"> +<meta http-equiv="content-type" content="text/html; charset=UTF-8"> +<link href="../sqlite.css" rel="stylesheet"> +<title>Compile-Time Authorization Callbacks</title> +<!-- path=../ --> +</head> +<body> +<div class=nosearch> +<a href="../index.html"> +<img class="logo" src="../images/sqlite370_banner.gif" alt="SQLite" border="0"> +</a> +<div><!-- IE hack to prevent disappearing logo --></div> +<div class="tagline desktoponly"> +Small. Fast. Reliable.<br>Choose any three. +</div> +<div class="menu mainmenu"> +<ul> +<li><a href="../index.html">Home</a> +<li class='mobileonly'><a href="javascript:void(0)" onclick='toggle_div("submenu")'>Menu</a> +<li class='wideonly'><a href='../about.html'>About</a> +<li class='desktoponly'><a href="../docs.html">Documentation</a> +<li class='desktoponly'><a href="../download.html">Download</a> +<li class='wideonly'><a href='../copyright.html'>License</a> +<li class='desktoponly'><a href="../support.html">Support</a> +<li class='desktoponly'><a href="../prosupport.html">Purchase</a> +<li class='search' id='search_menubutton'> +<a href="javascript:void(0)" onclick='toggle_search()'>Search</a> +</ul> +</div> +<div class="menu submenu" id="submenu"> +<ul> +<li><a href='../about.html'>About</a> +<li><a href='../docs.html'>Documentation</a> +<li><a href='../download.html'>Download</a> +<li><a href='../support.html'>Support</a> +<li><a href='../prosupport.html'>Purchase</a> +</ul> +</div> +<div class="searchmenu" id="searchmenu"> +<form method="GET" action="../search"> +<select name="s" id="searchtype"> +<option value="d">Search Documentation</option> +<option value="c">Search Changelog</option> +</select> +<input type="text" name="q" id="searchbox" value=""> +<input type="submit" value="Go"> +</form> +</div> +</div> +<script> +function toggle_div(nm) { +var w = document.getElementById(nm); +if( w.style.display=="block" ){ +w.style.display = "none"; +}else{ +w.style.display = "block"; +} +} +function toggle_search() { +var w = document.getElementById("searchmenu"); +if( w.style.display=="block" ){ +w.style.display = "none"; +} else { +w.style.display = "block"; +setTimeout(function(){ +document.getElementById("searchbox").focus() +}, 30); +} +} +function div_off(nm){document.getElementById(nm).style.display="none";} +window.onbeforeunload = function(e){div_off("submenu");} +/* Disable the Search feature if we are not operating from CGI, since */ +/* Search is accomplished using CGI and will not work without it. */ +if( !location.origin || !location.origin.match || !location.origin.match(/http/) ){ +document.getElementById("search_menubutton").style.display = "none"; +} +/* Used by the Hide/Show button beside syntax diagrams, to toggle the */ +function hideorshow(btn,obj){ +var x = document.getElementById(obj); +var b = document.getElementById(btn); +if( x.style.display!='none' ){ +x.style.display = 'none'; +b.innerHTML='show'; +}else{ +x.style.display = ''; +b.innerHTML='hide'; +} +return false; +} +var antiRobot = 0; +function antiRobotGo(){ +if( antiRobot!=3 ) return; +antiRobot = 7; +var j = document.getElementById("mtimelink"); +if(j && j.hasAttribute("data-href")) j.href=j.getAttribute("data-href"); +} +function antiRobotDefense(){ +document.body.onmousedown=function(){ +antiRobot |= 2; +antiRobotGo(); +document.body.onmousedown=null; +} +document.body.onmousemove=function(){ +antiRobot |= 2; +antiRobotGo(); +document.body.onmousemove=null; +} +setTimeout(function(){ +antiRobot |= 1; +antiRobotGo(); +}, 100) +antiRobotGo(); +} +antiRobotDefense(); +</script> +<!-- keywords: {authorizer callback} sqlite3_set_authorizer --> +<div class=nosearch> +<a href="intro.html"><h2>SQLite C Interface</h2></a> +<h2>Compile-Time Authorization Callbacks</h2> +</div> +<blockquote><pre> +int sqlite3_set_authorizer( + sqlite3*, + int (*xAuth)(void*,int,const char*,const char*,const char*,const char*), + void *pUserData +); +</pre></blockquote> +<p> +This routine registers an authorizer callback with a particular +<a href="../c3ref/sqlite3.html">database connection</a>, supplied in the first argument. +The authorizer callback is invoked as SQL statements are being compiled +by <a href="../c3ref/prepare.html">sqlite3_prepare()</a> or its variants <a href="../c3ref/prepare.html">sqlite3_prepare_v2()</a>, +<a href="../c3ref/prepare.html">sqlite3_prepare_v3()</a>, <a href="../c3ref/prepare.html">sqlite3_prepare16()</a>, <a href="../c3ref/prepare.html">sqlite3_prepare16_v2()</a>, +and <a href="../c3ref/prepare.html">sqlite3_prepare16_v3()</a>. At various +points during the compilation process, as logic is being created +to perform various actions, the authorizer callback is invoked to +see if those actions are allowed. The authorizer callback should +return <a href="../rescode.html#ok">SQLITE_OK</a> to allow the action, <a href="../c3ref/c_deny.html">SQLITE_IGNORE</a> to disallow the +specific action but allow the SQL statement to continue to be +compiled, or <a href="../c3ref/c_deny.html">SQLITE_DENY</a> to cause the entire SQL statement to be +rejected with an error. If the authorizer callback returns +any value other than <a href="../c3ref/c_deny.html">SQLITE_IGNORE</a>, <a href="../rescode.html#ok">SQLITE_OK</a>, or <a href="../c3ref/c_deny.html">SQLITE_DENY</a> +then the <a href="../c3ref/prepare.html">sqlite3_prepare_v2()</a> or equivalent call that triggered +the authorizer will fail with an error message.</p> + +<p>When the callback returns <a href="../rescode.html#ok">SQLITE_OK</a>, that means the operation +requested is ok. When the callback returns <a href="../c3ref/c_deny.html">SQLITE_DENY</a>, the +<a href="../c3ref/prepare.html">sqlite3_prepare_v2()</a> or equivalent call that triggered the +authorizer will fail with an error message explaining that +access is denied.</p> + +<p>The first parameter to the authorizer callback is a copy of the third +parameter to the sqlite3_set_authorizer() interface. The second parameter +to the callback is an integer <a href="../c3ref/c_alter_table.html">action code</a> that specifies +the particular action to be authorized. The third through sixth parameters +to the callback are either NULL pointers or zero-terminated strings +that contain additional details about the action to be authorized. +Applications must always be prepared to encounter a NULL pointer in any +of the third through the sixth parameters of the authorization callback.</p> + +<p>If the action code is <a href="../c3ref/c_alter_table.html">SQLITE_READ</a> +and the callback returns <a href="../c3ref/c_deny.html">SQLITE_IGNORE</a> then the +<a href="../c3ref/stmt.html">prepared statement</a> statement is constructed to substitute +a NULL value in place of the table column that would have +been read if <a href="../rescode.html#ok">SQLITE_OK</a> had been returned. The <a href="../c3ref/c_deny.html">SQLITE_IGNORE</a> +return can be used to deny an untrusted user access to individual +columns of a table. +When a table is referenced by a <a href="../lang_select.html">SELECT</a> but no column values are +extracted from that table (for example in a query like +"SELECT count(*) FROM tab") then the <a href="../c3ref/c_alter_table.html">SQLITE_READ</a> authorizer callback +is invoked once for that table with a column name that is an empty string. +If the action code is <a href="../c3ref/c_alter_table.html">SQLITE_DELETE</a> and the callback returns +<a href="../c3ref/c_deny.html">SQLITE_IGNORE</a> then the <a href="../lang_delete.html">DELETE</a> operation proceeds but the +<a href="../lang_delete.html#truncateopt">truncate optimization</a> is disabled and all rows are deleted individually.</p> + +<p>An authorizer is used when <a href="../c3ref/prepare.html">preparing</a> +SQL statements from an untrusted source, to ensure that the SQL statements +do not try to access data they are not allowed to see, or that they do not +try to execute malicious statements that damage the database. For +example, an application may allow a user to enter arbitrary +SQL queries for evaluation by a database. But the application does +not want the user to be able to make arbitrary changes to the +database. An authorizer could then be put in place while the +user-entered SQL is being <a href="../c3ref/prepare.html">prepared</a> that +disallows everything except <a href="../lang_select.html">SELECT</a> statements.</p> + +<p>Applications that need to process SQL from untrusted sources +might also consider lowering resource limits using <a href="../c3ref/limit.html">sqlite3_limit()</a> +and limiting database size using the <a href="../pragma.html#pragma_max_page_count">max_page_count</a> <a href="../pragma.html#syntax">PRAGMA</a> +in addition to using an authorizer.</p> + +<p>Only a single authorizer can be in place on a database connection +at a time. Each call to sqlite3_set_authorizer overrides the +previous call. Disable the authorizer by installing a NULL callback. +The authorizer is disabled by default.</p> + +<p>The authorizer callback must not do anything that will modify +the database connection that invoked the authorizer callback. +Note that <a href="../c3ref/prepare.html">sqlite3_prepare_v2()</a> and <a href="../c3ref/step.html">sqlite3_step()</a> both modify their +database connections for the meaning of "modify" in this paragraph.</p> + +<p>When <a href="../c3ref/prepare.html">sqlite3_prepare_v2()</a> is used to prepare a statement, the +statement might be re-prepared during <a href="../c3ref/step.html">sqlite3_step()</a> due to a +schema change. Hence, the application should ensure that the +correct authorizer callback remains in place during the <a href="../c3ref/step.html">sqlite3_step()</a>.</p> + +<p>Note that the authorizer callback is invoked only during +<a href="../c3ref/prepare.html">sqlite3_prepare()</a> or its variants. Authorization is not +performed during statement evaluation in <a href="../c3ref/step.html">sqlite3_step()</a>, unless +as stated in the previous paragraph, sqlite3_step() invokes +sqlite3_prepare_v2() to reprepare a statement after a schema change. +</p><p>See also lists of + <a href="objlist.html">Objects</a>, + <a href="constlist.html">Constants</a>, and + <a href="funclist.html">Functions</a>.</p> + |