summaryrefslogtreecommitdiffstats
path: root/www/c3ref/set_authorizer.html
diff options
context:
space:
mode:
Diffstat (limited to 'www/c3ref/set_authorizer.html')
-rw-r--r--www/c3ref/set_authorizer.html218
1 files changed, 218 insertions, 0 deletions
diff --git a/www/c3ref/set_authorizer.html b/www/c3ref/set_authorizer.html
new file mode 100644
index 0000000..67b58ba
--- /dev/null
+++ b/www/c3ref/set_authorizer.html
@@ -0,0 +1,218 @@
+<!DOCTYPE html>
+<html><head>
+<meta name="viewport" content="width=device-width, initial-scale=1.0">
+<meta http-equiv="content-type" content="text/html; charset=UTF-8">
+<link href="../sqlite.css" rel="stylesheet">
+<title>Compile-Time Authorization Callbacks</title>
+<!-- path=../ -->
+</head>
+<body>
+<div class=nosearch>
+<a href="../index.html">
+<img class="logo" src="../images/sqlite370_banner.gif" alt="SQLite" border="0">
+</a>
+<div><!-- IE hack to prevent disappearing logo --></div>
+<div class="tagline desktoponly">
+Small. Fast. Reliable.<br>Choose any three.
+</div>
+<div class="menu mainmenu">
+<ul>
+<li><a href="../index.html">Home</a>
+<li class='mobileonly'><a href="javascript:void(0)" onclick='toggle_div("submenu")'>Menu</a>
+<li class='wideonly'><a href='../about.html'>About</a>
+<li class='desktoponly'><a href="../docs.html">Documentation</a>
+<li class='desktoponly'><a href="../download.html">Download</a>
+<li class='wideonly'><a href='../copyright.html'>License</a>
+<li class='desktoponly'><a href="../support.html">Support</a>
+<li class='desktoponly'><a href="../prosupport.html">Purchase</a>
+<li class='search' id='search_menubutton'>
+<a href="javascript:void(0)" onclick='toggle_search()'>Search</a>
+</ul>
+</div>
+<div class="menu submenu" id="submenu">
+<ul>
+<li><a href='../about.html'>About</a>
+<li><a href='../docs.html'>Documentation</a>
+<li><a href='../download.html'>Download</a>
+<li><a href='../support.html'>Support</a>
+<li><a href='../prosupport.html'>Purchase</a>
+</ul>
+</div>
+<div class="searchmenu" id="searchmenu">
+<form method="GET" action="../search">
+<select name="s" id="searchtype">
+<option value="d">Search Documentation</option>
+<option value="c">Search Changelog</option>
+</select>
+<input type="text" name="q" id="searchbox" value="">
+<input type="submit" value="Go">
+</form>
+</div>
+</div>
+<script>
+function toggle_div(nm) {
+var w = document.getElementById(nm);
+if( w.style.display=="block" ){
+w.style.display = "none";
+}else{
+w.style.display = "block";
+}
+}
+function toggle_search() {
+var w = document.getElementById("searchmenu");
+if( w.style.display=="block" ){
+w.style.display = "none";
+} else {
+w.style.display = "block";
+setTimeout(function(){
+document.getElementById("searchbox").focus()
+}, 30);
+}
+}
+function div_off(nm){document.getElementById(nm).style.display="none";}
+window.onbeforeunload = function(e){div_off("submenu");}
+/* Disable the Search feature if we are not operating from CGI, since */
+/* Search is accomplished using CGI and will not work without it. */
+if( !location.origin || !location.origin.match || !location.origin.match(/http/) ){
+document.getElementById("search_menubutton").style.display = "none";
+}
+/* Used by the Hide/Show button beside syntax diagrams, to toggle the */
+function hideorshow(btn,obj){
+var x = document.getElementById(obj);
+var b = document.getElementById(btn);
+if( x.style.display!='none' ){
+x.style.display = 'none';
+b.innerHTML='show';
+}else{
+x.style.display = '';
+b.innerHTML='hide';
+}
+return false;
+}
+var antiRobot = 0;
+function antiRobotGo(){
+if( antiRobot!=3 ) return;
+antiRobot = 7;
+var j = document.getElementById("mtimelink");
+if(j && j.hasAttribute("data-href")) j.href=j.getAttribute("data-href");
+}
+function antiRobotDefense(){
+document.body.onmousedown=function(){
+antiRobot |= 2;
+antiRobotGo();
+document.body.onmousedown=null;
+}
+document.body.onmousemove=function(){
+antiRobot |= 2;
+antiRobotGo();
+document.body.onmousemove=null;
+}
+setTimeout(function(){
+antiRobot |= 1;
+antiRobotGo();
+}, 100)
+antiRobotGo();
+}
+antiRobotDefense();
+</script>
+<!-- keywords: {authorizer callback} sqlite3_set_authorizer -->
+<div class=nosearch>
+<a href="../c3ref/intro.html"><h2>SQLite C Interface</h2></a>
+<h2>Compile-Time Authorization Callbacks</h2>
+</div>
+<blockquote><pre>
+int sqlite3_set_authorizer(
+ sqlite3*,
+ int (*xAuth)(void*,int,const char*,const char*,const char*,const char*),
+ void *pUserData
+);
+</pre></blockquote>
+<p>
+This routine registers an authorizer callback with a particular
+<a href="../c3ref/sqlite3.html">database connection</a>, supplied in the first argument.
+The authorizer callback is invoked as SQL statements are being compiled
+by <a href="../c3ref/prepare.html">sqlite3_prepare()</a> or its variants <a href="../c3ref/prepare.html">sqlite3_prepare_v2()</a>,
+<a href="../c3ref/prepare.html">sqlite3_prepare_v3()</a>, <a href="../c3ref/prepare.html">sqlite3_prepare16()</a>, <a href="../c3ref/prepare.html">sqlite3_prepare16_v2()</a>,
+and <a href="../c3ref/prepare.html">sqlite3_prepare16_v3()</a>. At various
+points during the compilation process, as logic is being created
+to perform various actions, the authorizer callback is invoked to
+see if those actions are allowed. The authorizer callback should
+return <a href="../rescode.html#ok">SQLITE_OK</a> to allow the action, <a href="../c3ref/c_deny.html">SQLITE_IGNORE</a> to disallow the
+specific action but allow the SQL statement to continue to be
+compiled, or <a href="../c3ref/c_deny.html">SQLITE_DENY</a> to cause the entire SQL statement to be
+rejected with an error. If the authorizer callback returns
+any value other than <a href="../c3ref/c_deny.html">SQLITE_IGNORE</a>, <a href="../rescode.html#ok">SQLITE_OK</a>, or <a href="../c3ref/c_deny.html">SQLITE_DENY</a>
+then the <a href="../c3ref/prepare.html">sqlite3_prepare_v2()</a> or equivalent call that triggered
+the authorizer will fail with an error message.</p>
+
+<p>When the callback returns <a href="../rescode.html#ok">SQLITE_OK</a>, that means the operation
+requested is ok. When the callback returns <a href="../c3ref/c_deny.html">SQLITE_DENY</a>, the
+<a href="../c3ref/prepare.html">sqlite3_prepare_v2()</a> or equivalent call that triggered the
+authorizer will fail with an error message explaining that
+access is denied.</p>
+
+<p>The first parameter to the authorizer callback is a copy of the third
+parameter to the sqlite3_set_authorizer() interface. The second parameter
+to the callback is an integer <a href="../c3ref/c_alter_table.html">action code</a> that specifies
+the particular action to be authorized. The third through sixth parameters
+to the callback are either NULL pointers or zero-terminated strings
+that contain additional details about the action to be authorized.
+Applications must always be prepared to encounter a NULL pointer in any
+of the third through the sixth parameters of the authorization callback.</p>
+
+<p>If the action code is <a href="../c3ref/c_alter_table.html">SQLITE_READ</a>
+and the callback returns <a href="../c3ref/c_deny.html">SQLITE_IGNORE</a> then the
+<a href="../c3ref/stmt.html">prepared statement</a> statement is constructed to substitute
+a NULL value in place of the table column that would have
+been read if <a href="../rescode.html#ok">SQLITE_OK</a> had been returned. The <a href="../c3ref/c_deny.html">SQLITE_IGNORE</a>
+return can be used to deny an untrusted user access to individual
+columns of a table.
+When a table is referenced by a <a href="../lang_select.html">SELECT</a> but no column values are
+extracted from that table (for example in a query like
+"SELECT count(*) FROM tab") then the <a href="../c3ref/c_alter_table.html">SQLITE_READ</a> authorizer callback
+is invoked once for that table with a column name that is an empty string.
+If the action code is <a href="../c3ref/c_alter_table.html">SQLITE_DELETE</a> and the callback returns
+<a href="../c3ref/c_deny.html">SQLITE_IGNORE</a> then the <a href="../lang_delete.html">DELETE</a> operation proceeds but the
+<a href="../lang_delete.html#truncateopt">truncate optimization</a> is disabled and all rows are deleted individually.</p>
+
+<p>An authorizer is used when <a href="../c3ref/prepare.html">preparing</a>
+SQL statements from an untrusted source, to ensure that the SQL statements
+do not try to access data they are not allowed to see, or that they do not
+try to execute malicious statements that damage the database. For
+example, an application may allow a user to enter arbitrary
+SQL queries for evaluation by a database. But the application does
+not want the user to be able to make arbitrary changes to the
+database. An authorizer could then be put in place while the
+user-entered SQL is being <a href="../c3ref/prepare.html">prepared</a> that
+disallows everything except <a href="../lang_select.html">SELECT</a> statements.</p>
+
+<p>Applications that need to process SQL from untrusted sources
+might also consider lowering resource limits using <a href="../c3ref/limit.html">sqlite3_limit()</a>
+and limiting database size using the <a href="../pragma.html#pragma_max_page_count">max_page_count</a> <a href="../pragma.html#syntax">PRAGMA</a>
+in addition to using an authorizer.</p>
+
+<p>Only a single authorizer can be in place on a database connection
+at a time. Each call to sqlite3_set_authorizer overrides the
+previous call. Disable the authorizer by installing a NULL callback.
+The authorizer is disabled by default.</p>
+
+<p>The authorizer callback must not do anything that will modify
+the database connection that invoked the authorizer callback.
+Note that <a href="../c3ref/prepare.html">sqlite3_prepare_v2()</a> and <a href="../c3ref/step.html">sqlite3_step()</a> both modify their
+database connections for the meaning of "modify" in this paragraph.</p>
+
+<p>When <a href="../c3ref/prepare.html">sqlite3_prepare_v2()</a> is used to prepare a statement, the
+statement might be re-prepared during <a href="../c3ref/step.html">sqlite3_step()</a> due to a
+schema change. Hence, the application should ensure that the
+correct authorizer callback remains in place during the <a href="../c3ref/step.html">sqlite3_step()</a>.</p>
+
+<p>Note that the authorizer callback is invoked only during
+<a href="../c3ref/prepare.html">sqlite3_prepare()</a> or its variants. Authorization is not
+performed during statement evaluation in <a href="../c3ref/step.html">sqlite3_step()</a>, unless
+as stated in the previous paragraph, sqlite3_step() invokes
+sqlite3_prepare_v2() to reprepare a statement after a schema change.
+</p><p>See also lists of
+ <a href="../c3ref/objlist.html">Objects</a>,
+ <a href="../c3ref/constlist.html">Constants</a>, and
+ <a href="../c3ref/funclist.html">Functions</a>.</p>
+